
All times are UTC + 8 hours


Post title: U.S. Department of Defense "Apple iOS 6 Security Technical Implementation Guide"
Posted: 2013-06-12 09:28
Attachment:
u_apple_iOS_6_v1r2_stig.zip [1.46 MiB]


1. The VPN client on mobile devices used for remote access to DoD networks must be FIPS 140-2 validated.
2. All mobile device VPN clients used for remote access to DoD networks must support AES encryption.
3. All mobile device VPN clients used for remote access to DoD networks must be configured to require CAC authentication.
4. All mobile device VPN clients must have split tunneling disabled.
5. Smart Card Readers (SCRs) used with CMDs must have required software version installed.
6. S/MIME must be installed on mobile device, so users can sign/encrypt email.
7. If mobile device email auto signatures are used, the signature message must not disclose the email originated from a CMD (e.g., Sent From My Wireless Handheld).
8. The browser must direct all traffic to a DoD Internet proxy gateway.
9. Mobile devices must have the required operating system software version installed.
10. Mobile devices must be configured to require a password/passcode for device unlock.
11. The iOS device password complexity must be set to the required value.
12. Maximum passcode age must be set.
13. The mobile device must be set to lock the device after a set period of user inactivity.
14. Passcode maximum failed attempts must be set to required value.
15. Access to public media stores must be disabled.
16. Users' ability to download iOS applications must be disabled.
17. Mobile device cameras must be used only if documented approval is in the site physical security policy.
18. Mobile device screen capture must not be allowed.
19. The device minimum password/passcode length must be set.
20. Apple iOS Auto-Lock must be set.
21. The mobile device passcode/password history setting must be set.
22. The mobile device Bluetooth radio must only connect to authorized Bluetooth peripherals.
23. All mobile devices must display the required banner during device unlock/logon.
24. iOS Safari must be disabled.
25. Location services must be turned off unless authorized for use for particular applications, in which case, location services must only be available to the authorized applications.
26. The iOS device Wi-Fi setting Ask to Join Networks must be set to Off at all times (User Based Enforcement (UBE)).
27. Access to online application purchases must be disabled.
28. Remote full device wipe must be enabled.
29. iOS Siri application must be disabled.
30. iOS Multiplayer Gaming must be disabled.
31. Adding Game Center Friends must be disabled.
32. iCloud Backup must be disabled.
33. Document Syncing must be disabled.
34. Photo Stream must be disabled.
35. Diagnostic Data must not be sent to Apple or other unauthorized entity.
36. All mobile device VPN clients must timeout after a set period of inactivity.
37. The mobile operating system must not cache smart card or certificate store passwords used by the VPN client for more than two hours.
38. MDM, MAM, and integrity validation agent(s) must be installed on the mobile OS device.
39. The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device.
40. The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session.
41. The mobile operating system must protect the confidentiality of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session.
42. The mobile operating system must protect the integrity of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session.
43. The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning.
44. The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.
45. The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
46. The mobile operating system must employ DoD-approved anti-malware protections.
47. Shared Photo Stream must be disabled.
48. Access to iOS Passbook applications must be disabled.
49. The iOS device user must not allow applications to share data between iOS devices via Bluetooth.
50. A Wi-Fi profile must be set up on managed iOS devices to disable access to any public Wi-Fi network that iOS may otherwise auto-join.
51. The ability to wipe a DoD iOS device via an iCloud account must be disabled.
52. The iOS device iMessage service must be set to Off at all times (User Based Enforcement (UBE)).
53. The iOS Passcode must contain at least one alphabetic and one numeric character.
54. The iOS Passcode must contain at least one complex (non-alphanumeric) character.


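An added example, not part of the original post or of the STIG: a Python audit of an iOS configuration profile (`.mobileconfig`) against the items in the list above whose expected state the list itself spells out. The mapping from item numbers to Apple Restrictions and Passcode payload keys is this example's assumption, and the sample profile is constructed.

```python
import plistlib

# Assumed mapping from numbered items in the list above to Apple configuration
# profile keys (Restrictions and Passcode payloads). The mapping is this
# example's, not the STIG's; items whose required value the list does not
# state are only checked for being set at all.
MUST_BE_FALSE = {
    "allowAppInstallation": 16, "allowScreenShot": 18, "allowSafari": 24,
    "allowAssistant": 29, "allowMultiplayerGaming": 30,
    "allowAddingGameCenterFriends": 31, "allowCloudBackup": 32,
    "allowCloudDocumentSync": 33, "allowPhotoStream": 34,
    "allowDiagnosticSubmission": 35, "allowSharedStream": 47,
}
MUST_BE_SET = {"maxPINAgeInDays": 12, "maxFailedAttempts": 14,
               "minLength": 19, "maxInactivity": 20, "pinHistory": 21}
PAYLOAD_TYPES = ("com.apple.applicationaccess",
                 "com.apple.mobiledevice.passwordpolicy")

def audit_profile(data: bytes) -> list:
    """Return sorted (item number, key, reason) findings for a .mobileconfig."""
    merged = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") in PAYLOAD_TYPES:
            merged.update(payload)
    findings = []
    for key, item in MUST_BE_FALSE.items():
        # An absent allow* key leaves the feature permitted, so it is a finding.
        if merged.get(key, True) is not False:
            findings.append((item, key, "not disabled"))
    for key, item in MUST_BE_SET.items():
        if key not in merged:
            findings.append((item, key, "not set"))
    if not merged.get("forcePIN", False):
        findings.append((10, "forcePIN", "passcode not required"))
    if not merged.get("requireAlphanumeric", False):
        findings.append((53, "requireAlphanumeric", "letters and digits not required"))
    if merged.get("minComplexChars", 0) < 1:
        findings.append((54, "minComplexChars", "no complex character required"))
    return sorted(findings)

# Constructed sample profile: Safari and Siri disabled, a passcode forced,
# everything else left at its default.
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": "com.apple.applicationaccess",
     "allowSafari": False, "allowAssistant": False, "allowCamera": True},
    {"PayloadType": "com.apple.mobiledevice.passwordpolicy",
     "forcePIN": True, "minLength": 8, "requireAlphanumeric": True},
]})

if __name__ == "__main__":
    for item, key, reason in audit_profile(SAMPLE):
        print(f"item {item:2d}: {key} {reason}")
```

Items that depend on site policy or user behaviour (for example 17, 26 and 52) and VPN, proxy and MDM requirements are outside what a profile check like this can decide.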
 