The connection of a DOD iPhone to a Mac or PC could cause the exposure of sensitive DOD information.
SFR ID: FMT_MOF_EXT.1.2 #47
Check
Review configuration settings to confirm it is disabled.
This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding.
If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures:
This check procedure is performed on both the device management tool and the iPhone and iPad device.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the iOS/iPadOS management tool, verify "Allow host pairing" is unchecked.
On the iPhone/iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Pairing with iTunes not allowed" is listed.
If "Host pairing" is not disabled in the management tool or on the Apple device, "Pairing with iTunes not allowed" is not listed, this is a finding.
Note: Some applications used to remove iPhone and iPad data to meet the DOD data retention policy require host pairing be enabled. Host pairing may be temporarily enabled for this purpose only, with authorizing official (AO) approval.
Fix
Install a configuration profile to disable "Allow host pairing". This is a supervised-only control.
Configuration Profile Key: allowHostPairing
Note: Some applications used to remove iPhone and iPad data to meet the DOD data retention policy require host pairing be enabled. Host pairing may be temporarily enabled for this purpose only, with AO approval.