Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM.

STIG ID: AIOS-18-012650  |  SRG: PP-MDF-993300 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-268049

Vulnerability Discussion

Authorizing official (AO) approval is required before an Apple Watch (DOD-owned or personally owned) can be paired with a DOD-owned iPhone to ensure the AO has evaluated the risk in having sensitive DOD data transferred to and stored on an Apple Watch in their operational environment.

SFRID: FMT_SMF.1.1 #47

Check

Determine if the site AO has approved the use of Apple Watch with DOD-owned iPhones. Look for a document showing approval. If not approved, this requirement is not applicable.

If approved, verify on the MDM server that the Apple Watch is being managed by the MDM. Have the MDM system administrator show that the Apple Watch is being managed by the MDM.

If the AO has approved pairing an Apple Watch with a DOD-owned iPhone and the Apple Watch is not being managed by the site MDM server, this is a finding.

Note: The iPhone paired to the Apple Watch must be supervised for the MDM to manage the Apple Watch.

Fix

If the AO has not approved the use of Apple Watch with DOD-owned iPhones, this requirement is not applicable.

If the AO has approved the use of Apple Watch with DOD-owned iPhones, enroll the Apple Watch in MDM management.

Note: The iPhone paired to the Apple Watch must be supervised for the MDM to manage the Apple Watch.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.