Rule ID
SV-276201r1115672_rule
Version
V2R2
CCIs
The use of voice assistants could expose sensitive DOD data to cloud-based servers during the processing of assistant requests. SFR ID: FMT_MOF_EXT.1.2 #47
Review configuration settings to confirm Siri is disabled. Exception: Siri is allowed if used to meet Section 508 compliance requirements. Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled. This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and the iPhone and iPad device. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS/iPadOS management tool, verify "Show user-generated content in Siri" or "Allow Siri" is unchecked. On the iPhone/iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Show user-generated content in Siri not allowed" or "Siri not allowed" is listed. If "Show user-generated content in Siri" is not disabled or Siri is not disabled in the management tool and on the Apple device, this is a finding.
Install a configuration profile to disable "Show user-generated content in Siri" unless required to meet Section 508 compliance requirements. This is a supervised-only control. Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled.