Apple iOS 6 STIG Version 1, Release 2 Checklist Details

Supporting Resources:

Target:

Target | CPE Name
Apple iPad Mini | cpe:/h:apple:ipad_mini-
Apple iPad2 | cpe:/h:apple:ipad2:-
Apple iPhone 4s | cpe:/h:apple:iphone_4s:-
Apple iPhone 5 | cpe:/h:apple:iphone_5:-
Apple iPhone OS 6.0 | cpe:/o:apple:iphone_os:6.0
Apple iPhone OS 6.0.1 | cpe:/o:apple:iphone_os:6.0.1
Apple iPhone OS 6.0.2 | cpe:/o:apple:iphone_os:6.0.2
Apple iPhone OS 6.1 | cpe:/o:apple:iphone_os:6.1

Checklist Highlights

Checklist Name:
Apple iOS 6 STIG
Checklist ID:
439
Version:
Version 1, Release 2
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
01/29/2013

Checklist Summary:

The Apple iOS 6 Interim Security Configuration Guide (ISCG) provides security policy and configuration requirements for the use of iPhone 4s, iPad2, iPad Mini, and later iOS devices in the Department of Defense (DoD) in DoD approved pilots. The Defense Information Assurance Security Accreditation Working Group (DSAWG) has approved the use of this guide for all DoD iOS pilots that have been registered with the DoD CIO Commercial Mobile Device Working Group (CMDWG) and are operated in accordance with the DoD CIO Memorandum, "Use of Commercial Mobile Devices (CMDs) in the DoD", 6 April 2011.

Note: Unless specifically indicated otherwise, when the term "iOS devices" is used in this document, it will include any iPhone 4s and iPad 2 or later devices. iPod touch devices are not included because the older processor architecture inside the iPod does not support the trusted iOS boot process now available in iPhone 4s and iPhone 5.

The ISCG requires the use of third-party security agents and servers to manage security features on the iOS device. Any compliant third-party product can be used to meet the security requirements of this ISCG but care must be used in the selection of products that meet all ISCG security requirements and interoperate with other required third-party products. Additional information can be found in Chapter 2 of this document.

This ISCG is an update to the iOS 4 ISCG and therefore does not provide traceability to the Mobility Security Requirements Guides (SRGs). Accordingly, it cannot be used to verify compliance with the SRG requirements. However, several requirement statements from the Mobile Operating System (MOS) SRG and the draft Mobile Device Management (MDM) SRG were included in this ISCG when they were found to be applicable.

Checklist Role:

  • Desktop or Mobile Client
  • Operating System

Known Issues:

Disadvantages:

  • Currently available mobile VPN products do not support both FIPS-validated encryption and CAC authentication.
  • Limited choices available today for session-based VPNs. (IPSec VPNs have significant performance issues in a handheld mobile device environment.)
  • The Wireless STIG requires mobile VPN clients to drop connections to DoD networks after a period of user inactivity. This requirement could cause performance issues in an environment with push email service and CAC authentication. Testing is required to determine the extent of these issues.
  • Currently available mobile VPN products do not support saving downloaded data to the security container.

Target Audience:

This document is a requirement for all DoD-administered systems and all systems connected to DoD networks. These requirements are designed to assist Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Department of Defense (DoD)

Licensing:

Not provided.

Change History:

Version 1, Release 1 - 29 January 2013

Dependency/Requirements:

URL | Description
http://iase.disa.mil/stigs/net_perimeter/wireless/u_iscg_apple_iOS_memo.pdf | ISCG for Apple iOS 6 - Release Memo

References:

Reference URL Description

NIST checklist record last modified on 05/07/2013