AIOS-17-011600 - Apple iOS/iPadOS 17 must implement the management setting: not have any Family Members in Family Sharing.

Information

Apple's Family Sharing service allows Apple iOS/iPadOS users to create a Family Group whose members have several shared capabilities, including the ability to lock, wipe, play a sound on, or locate the iPhone and iPads of other members. Each member of the group must be invited to the group and accept that invitation. A DOD user's iPhone and iPad may be inadvertently or maliciously wiped by another member of the Family Group. This poses a risk that the user could be without a mobile device for a period of time or lose sensitive information that has not been backed up to other storage media. Configuring iPhone and iPads so their associated Apple IDs are not members of Family Groups mitigates this risk.

Note: If the site uses Apple's optional Automatic Device Enrollment, this control is available as a supervised MDM control.

SFR ID: FMT_SMF_EXT.1.1 #47

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

The user must either remove all members from the Family Group on the iPhone and iPad or associate the device with an Apple ID that is not a member of a Family Group.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_17_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-6b., 800-53|IA-5(14), CAT|III, CCI|CCI-000366, CCI|CCI-002008, Rule-ID|SV-258351r959010_rule, STIG-ID|AIOS-17-011600, Vuln-ID|V-258351

Plugin: MDM

Control ID: c36811de06945b6daac2749468e71be6470817d9d3312339a7124dfb1a27a2c1