From Apple iOS 10 Security Technical Implementation Guide
Part of PP-MDF-991000
Associated with: CCI-000366 CCI-002338
When a user is allowed to use AirPlay without a password, there is the potential that it may mistakenly associate the Apple iOS device with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential that someone in control of a mistakenly associated device may obtain DoD-sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration, nor must they comply with any complexity requirements.
Review configuration settings to confirm "Require passcode on first AirPlay pairing" is enabled.
This check procedure is performed on both the Apple iOS management tool and the Apple iOS device.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the Apple iOS management tool, verify "Require passcode on first AirPlay pairing" is checked.
Alternatively, verify the text
"
Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer