AIOS-13-011100 - Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

Information

When a user is allowed to use AirPlay without a password, there is the potential that it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential that someone in control of a mistakenly associated device may obtain DoD-sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration, and are not required to comply with any complexity requirements.

SFR ID: FMT_SMF_EXT.1.1 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_13_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17a., CAT|III, CCI|CCI-000063, Rule-ID|SV-219372r604137_rule, STIG-ID|AIOS-13-011100, STIG-Legacy|SV-106577, STIG-Legacy|V-97473, Vuln-ID|V-219372

Plugin: MDM

Control ID: 5679b46e5bceacc41328794491fee3a3b64021bde54d149486d293689f8c12fb