Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable password proximity requests.

    &lt;VulnDiscussion&gt;This control allows one Apple device to be notified to share its password with a nearby device. This could lead to a compromi...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable password sharing.

    &lt;VulnDiscussion&gt;This control allows sharing passwords between Apple devices using AirDrop. This could lead to a compromise of the device pass...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable "Find My Friends" in the "Find My" app.

    &lt;VulnDiscussion&gt;This control does not share a DOD user's location but encourages location sharing between DOD mobile device users, which can ...
    Rule Low Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • The Apple iOS/iPadOS 18 must be supervised by the MDM.

    &lt;VulnDiscussion&gt;When an iOS/iPadOS is not supervised, the DOD mobile service provider cannot control when new iOS/iPadOS updates are installe...
    Rule Medium Severity
  • PP-MDF-333240

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices.

    &lt;VulnDiscussion&gt;Unauthorized use of USB storage drives could lead to the introduction of malware or unauthorized software into the DOD IT inf...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.

    &lt;VulnDiscussion&gt;Many software systems automatically send diagnostic data to the manufacturer or a third-party. This data enables the develope...
    Rule Low Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DOD security requirements.

    &lt;VulnDiscussion&gt;Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, th...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable "Allow network drive access in Files access".

    &lt;VulnDiscussion&gt;Allowing network drive access by the Files app could lead to the introduction of malware or unauthorized software into the DO...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of dictation.

    &lt;VulnDiscussion&gt;If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of translation.

    &lt;VulnDiscussion&gt;If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications.

    &lt;VulnDiscussion&gt;If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses...
    Rule Medium Severity
  • PP-MDF-333350

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must have DOD root and intermediate PKI certificates installed.

    &lt;VulnDiscussion&gt;DOD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services....
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.

    &lt;VulnDiscussion&gt;Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). ...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable the installation of alternative marketplace apps.

    &lt;VulnDiscussion&gt;Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious appl...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable app installation from a website.

    &lt;VulnDiscussion&gt;Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious appl...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must delete eSIM content when the device is erased.

    &lt;VulnDiscussion&gt;An eSIM may contain sensitive DOD data and must be wiped of data when the mobile device is wiped to protect sensitive data fr...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable ChatGPT connection for Apple Intelligence.

    &lt;VulnDiscussion&gt;The ChatGPT feature of Apple Intelligence allows DOD information to be downloaded from the DOD iPhone/iPad and processed by t...
    Rule Medium Severity
  • PP-MDF-993300

    <GroupDescription></GroupDescription>
    Group
  • Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates.

    &lt;VulnDiscussion&gt;Beta operating system updates may contain features that could lead to the compromise of sensitive DOD information or provide ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules