The iOS/iPadOS 16 BYOAD must be configured to either disable access to DOD data, IT systems, and user accounts or wipe managed data and apps if the EMM system detects the BYOAD device has known malicious, blocked, or prohibited applications or is configured to access nonapproved managed third-party applications stores.
An XCCDF Rule
Description
<VulnDiscussion>When a BYOAD is out of compliance, DOD data and apps must be removed to protect against compromise of sensitive DOD information. Reference: DOD policy "Use of Non-Government Mobile Devices". 3.a.(3)iii. SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-257092r904021_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the EMM system to either disable access to DOD data, IT systems, and user accounts or wipe managed data and apps if it has detected the iOS/iPadOS 16 BYOAD device has known malicious, blocked, or prohibited managed applications or is configured to access nonapproved third-party applications stores for managed apps.
Note: When managed data and apps are wiped, all managed data and files in the Files app must be wiped as well. The exact procedure will depend on the EMM system used at the site.