II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable Password AutoFill in browsers and applications.
The AutoFill functionality in browsers and applications allows the user to complete a form that contains sensitive information, such as PII, without previous knowledge of the information. By allowi...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable allow setting up new nearby devices.
This control allows Apple device users to request passwords from nearby devices. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passw...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable password proximity requests.
This control allows one Apple device to be notified to share its password with a nearby device. This could lead to a compromise of the device password with an unauthorized person or device. DoD App...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable password sharing.
This control allows sharing passwords between Apple devices using AirDrop. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passwords m...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable Find My Friends in the Find My app.
This control does not share a DoD user's location but encourages location sharing between DoD mobile device users, which can lead to operational security (OPSEC) risks. Sharing the location of a Do...Rule Low Severity -
PP-MDF-990000
Group -
The Apple iOS/iPadOS 16 must be supervised by the MDM.
When an iOS/iPadOS is not supervised, the DoD mobile service provider cannot control when new iOS/iPadOS updates are installed on site-managed devices. Most updates should be installed immediately ...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices.
Unauthorized use of USB storage drives could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and systems. SF...Rule Medium Severity -
PP-MDF-990000
Group -
The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
Many software systems automatically send diagnostic data to the manufacturer or a third party. This data enables the developers to understand real-world field behavior and improve the product based...Rule Low Severity -
PP-MDF-990000
Group -
Apple iOS must implement the management setting: Not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.
Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, the user can then change the configuration that had been enforced by that ...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable "Allow network drive access in Files access".
Allowing network drive access by the Files app could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and syst...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable connections to Siri servers for the purpose of dictation.
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploi...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable connections to Siri servers for the purpose of translation.
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploi...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications.
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploi...Rule Medium Severity -
PP-MDF-990000
Group -
Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch.
Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). This feature allows the iPhone/Mac to be unlocked without the user enter...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.