AIOS-14-009300 - Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

Information

When a user is allowed to use AirPlay without a password, there is the potential that it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential that someone in control of a mistakenly associated device may obtain DoD-sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration, and are not required to comply with any complexity requirements.

SFR ID: FMT_SMF_EXT.1.1 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_14_V1R3_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17a., CAT|III, CCI|CCI-000063, Rule-ID|SV-228755r561031_rule, STIG-ID|AIOS-14-009300, Vuln-ID|V-228755

Plugin: MDM

Control ID: a40c91b78bec8619510ea0f39df7c6de6e0b2b29dd19895f8d2c7c69e67ee28b