Apple iOS/iPadOS 18 must implement the management setting: disable Camera.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-276224 | AIOS-18-018100 | SV-276224r1116200_rule | Medium |
| Description |
| Authorizing Official (AO) approval is required before the Apple device camera can be enabled for a specific user or group of users, based on a risk assessment of the operational environment. Camera use may lead to the exposure of sensitive DOD information in some operational environments. SFR ID: FMT_MOF_EXT.1.2 #47 |
| STIG | Date |
| Apple iOS/iPadOS 18 Security Technical Implementation Guide | 2025-06-30 |
Details
| Check Text (C-80379r1116198_chk) |
| Determine if the site AO has approved the use of Apple device cameras. Look for a document showing approval for a specific user or group of users. If not approved, review configuration settings to confirm "Allow Camera" is disabled. If approved, this requirement is not applicable. This a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding (if the AO has not approved the use of the Apple device camera). If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and the iPhone. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow Camera" is unchecked. On the iPhone: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Camera not allowed" is listed. If the AO has not approved Apple device camera use, "Allow camera" is listed in the management tool, and "Camera not allowed" is not listed on the Apple device, this is a finding. |
| Fix Text (F-80284r1116199_fix) |
| If the AO has not approved the use of Apple device cameras, install a configuration profile to disable camera use. This a supervised-only control. |