Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Apple iOS/iPadOS 18 Security Technical Implementation Guide
PP-MDF-993300
PP-MDF-993300
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
PP-MDF-993300
1 Rule
<GroupDescription></GroupDescription>
Apple iOS/iPadOS 18 must require a valid password be successfully entered before the mobile device data is unencrypted.
High Severity
<VulnDiscussion>Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is not required to access data, this data is accessible to any adversary who obtains physical possession of the device. Requiring that a password be successfully entered before the mobile device data is unencrypted mitigates this risk. Note: MDF PP requires a Password Authentication Factor and requires management of its length and complexity. It leaves open whether theĀ existence of a password is subject to management. This requirement addresses the configuration to require a password, which is critical to the cybersecurity posture of the device. SFRID: FIA_UAU_EXT.1.1</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>