AIOS-13-004300 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain).

Information

The iCloud Keychain is an Apple iOS/iPadOS function that will store users' account names and passwords in iCloud and then synchronize this data among the users' Macs, iPhones, and iPads. An adversary may use any of the stored iCloud keychain passwords after unlocking one of the synchronized devices. If a user is synchronizing devices, the user must protect all of the devices to prevent unauthorized use of the passcodes. Moreover, the keychain being transmitted through the cloud opens the possibility that a well-resourced, sophisticated adversary could compromise the cloud-transmitted keychain. Not allowing the iCloud Keychain feature mitigates the risk of the encrypted set of passwords being compromised when transmitted through the cloud or synchronized across multiple devices.

Note: If the AO has approved the use/storage of DoD data in one or more personal (unmanaged) apps, allowing unrestricted activity by the user in downloading and installing personal (unmanaged) apps on the iOS 11 device may not be warranted due to the risk of possible loss of or unauthorized access to DoD data.

SFR ID: FMT_MOF_EXT.1.2 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to disable iCloud keychain.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_13_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|CM-7(5)(a), CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-001772, Rule-ID|SV-219360r604137_rule, STIG-ID|AIOS-13-004300, STIG-Legacy|SV-106551, STIG-Legacy|V-97447, Vuln-ID|V-219360

Plugin: MDM

Control ID: 0489c3bab49d7de6b680a905d77515c9f2ccfd13e6cecd7fbf5271df4eb07da6