Checklist Details for Apple iOS 6 STIG Version 1, Release 2


Checklist Highlights

Checklist Name:
Apple iOS 6 STIG
Version 1, Release 2
Review Status:
Governmental Authority: Defense Information Systems Agency
Target Product:
Target Product | CPE Name | Product Category
Apple iPhone OS 6.0 | cpe:/o:apple:iphone_os:6.0 | Operating System
Apple iPhone OS 6.0.1 | cpe:/o:apple:iphone_os:6.0.1 | Operating System
Apple iPhone OS 6.0.2 | cpe:/o:apple:iphone_os:6.0.2 | Operating System
Apple iPhone OS 6.1 | cpe:/o:apple:iphone_os:6.1 | Operating System
Apple iPhone 4s | cpe:/h:apple:iphone_4s:- | Handheld Device
Apple iPhone 5 | cpe:/h:apple:iphone_5:- | Handheld Device
Apple iPad2 | cpe:/h:apple:ipad2:- | Handheld Device
Apple iPad Mini | cpe:/h:apple:ipad_mini- | Handheld Device
Checklist Summary:
The Apple iOS 6 Security Technical Implementation Guide (STIG) provides security policy and configuration requirements for the use of iPhone 4s, iPad2, iPad Mini, and later iOS devices in the Department of Defense (DoD) in DoD-approved pilots. Note: Unless specifically indicated otherwise, when the term "iOS devices" is used in this document, it will include any iPhone 4s and iPad 2 or later devices. iPod touch devices are not included because the older processor architecture inside the iPod does not support the trusted iOS boot process now available in iPhone 4s and iPhone 5. The STIG requires the use of third-party security agents and servers to manage security features on the iOS device. Any compliant third-party product can be used to meet the security requirements of this STIG, but care must be used in the selection of products that meet all STIG security requirements and interoperate with other required third-party products. Additional information can be found in Section 2 of this document. This STIG is an update to the Interim Security Configuration Guide (ISCG) for iOS 6 and therefore does not provide traceability to the Mobility Security Requirements Guides (SRGs). Accordingly, it cannot be used to verify compliance with the SRG requirements. However, several requirement statements from the Mobile Operating System (MOS) SRG and the Mobile Device Management (MDM) SRG were included in this STIG when they were found to be applicable.
Checklist Role:
  • Operating System
  • Handheld Device
Known Issues:
Disadvantages:
  • Currently available mobile VPN products do not support both FIPS-validated encryption and CAC authentication.
  • Limited choices available today for session-based VPNs. (IPSec VPNs have significant performance issues in a handheld mobile device environment.)
  • The Wireless STIG requires mobile VPN clients to drop connections to DoD networks after a period of user inactivity. This requirement could cause performance issues in an environment with push email service and CAC authentication. Testing is required to determine the extent of these issues.
  • Currently available mobile VPN products do not support saving downloaded data to the security container.
Target Audience:
This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.
Testing Information:
Not provided.
Regulatory Compliance:
DoD Directive (DoDD) 8500.1 and 8500.2
Not provided.
Product Support:
Not provided.
Point of Contact:
Comments or proposed revisions to this document should be sent via email to the following address: DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Department of Defense (DoD)
Not provided.
Change History:
Version 1, Release 2 - 23 May 2013
Version 1, Release 1 - 29 January 2013
NIST checklist record last modified on 09/25/2013