AIOS-16-710900 - Apple iOS/iPadOS 16 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

Information

When a user is allowed to use AirPlay without a password, it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential for someone in control of a mistakenly associated device to obtain DOD sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration and are not required to comply with any complexity requirements.

SFR ID: FMT_SMF_EXT.1.1 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_16_BYOAD_Y23M08_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17a., CAT|III, CCI|CCI-000063, Rule-ID|SV-257122r904266_rule, STIG-ID|AIOS-16-710900, Vuln-ID|V-257122

Plugin: MDM

Control ID: eb0d1841e87ffcb25cf3b04297c54d8a5b33e1114e82060b58e27535d6caa4ed