The iOS/iPadOS 16 BYOAD device must be configured to disable copy and paste from managed (work profile) apps/contacts to unmanaged (personal profile) apps/contacts and vice versa.

An XCCDF Rule

Description

<VulnDiscussion>Protection of DOD data is a key construct of the BYOAD security baseline, including disabling the capability to copy/paste data between the managed/work profile and the unmanaged/personal profile. Reference: NIST Special Publication 1800-22, "Mobile Device Security: Bring Your Own Device (BYOD)". SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-257098r904039_rule
Severity: Medium
References: CCI-002218
Updated: 8 months ago

Configure the Apple iOS configuration profile to disable copy/paste of data from managed to unmanaged applications.

The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider.

In the MDM console, set "Require managed pasteboard" to "True".
Note: This requirement is the same as AIOS-16-714600 in the Apple iOS/iPadOS 16 BYOAD STIG.

The iOS/iPadOS 16 BYOAD device must be configured to disable copy and paste from managed (work profile) apps/contacts to unmanaged (personal profile) apps/contacts and vice versa.

Description

Remediation - Manual Procedure