AIOS-15-010400 - Apple iOS/iPadOS 15 must require a valid password be successfully entered before the mobile device data is unencrypted.

Information

Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is not required to access data, this data is accessible to any adversary who obtains physical possession of the device. Requiring that a password be successfully entered before the mobile device data is unencrypted mitigates this risk.

Note: MDF PP v2.0 requires a Password Authentication Factor and requires management of its length and complexity. It leaves open whether the existence of a password is subject to management. This requirement addresses the configuration to require a password, which is critical to the cybersecurity posture of the device.

SFR ID: FIA_UAU_EXT.1.1

Solution

Install a configuration profile to require a password to unlock the device.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_15_V1R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-250947r801932_rule, STIG-ID|AIOS-15-010400, Vuln-ID|V-250947

Plugin: MDM

Control ID: 7d7f13516953121ccdf09746f377402b50a5cc0ea708cb46b4fd0958fae3fc52