AIOS-17-710900 - Apple iOS/iPadOS 17 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device.

Information

When a user is allowed to use AirPlay without a password, it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential for someone in control of a mistakenly associated device to obtain DOD sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration and are not required to comply with any complexity requirements.

SFR ID: FMT_SMF_EXT.1.1 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_17_BYOAD_Y24M02_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17a., CAT|III, CCI|CCI-000063, Rule-ID|SV-259780r943665_rule, STIG-ID|AIOS-17-710900, Vuln-ID|V-259780

Plugin: MDM

Control ID: da0825eb1ee3fcfaf30dc1aafd1d69eaf0554f3ee377e851c204116ed262b131