Skip Ribbon Commands Skip to main content

iOS Devices

*PKI = DoD PKI Certificate Required

The iOS 4 Interim Security Configuration Guide (ISCG) was released on 20 October 2011. When approved by a Component CIO, an ISCG may be used to configure iOS devices for limited deployment, pilots and demonstrations. Enterprise-wide deployments for iOS devices will be authorized when a full STIG specific to those systems is approved. The DSAWG has not identified specific conditions that will allow the currently written iOS ISCG to be approved as a full STIG.

The iOS ISCG requires the use of the Good Technology Good For Enterprise mobile messaging solution, which includes a Good client application on the device where all email messages and attachments are stored in a FIPS 140-2 validated encrypted container. Biometrics Associates makes a Bluetooth smart card reader than can be used to support hard token S/MIME operations from within the Good client.

The complete iOS 4 ISCG is available at http://iase.disa.mil/stigs/net_perimeter/wireless/Pages/smartphone.aspx under ISCG for Apple iOS Devices.

Description
Apple iOS: Good Mobile Control and End User S/MIME Configuration *PKI
This appendix to the Apple iOS 4 ISCG Technology Overview provides instructions for configuring S/MIME capabilities on iOS devices (including iPhone, iPad and iPod Touch) using the Good Mobile Control solution. Both server-side and end user device configuration instructions are provided, including configuring the Good Mobile Control server for use with DoD PKI and S/MIME support, pairing the iOS device with a baiMobile 3000MP Bluetooth smart card reader and installing user certificates on the device. (PDF Download) Date: 10/20/2011 | Size: 281 KB
InstallRoot 5.2: NIPR Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool. (PDF Download) Date: 11/20/2017 | Size: 2.6 MB
iPad 3: Pairing with a baiMobile 3000MP Smart Card Reader (SCR) *PKI
This guide provides step-by-step instructions for pairing a baiMobile 3000MP SCR with an iPad 3 to enable the smart card digital signature and encryption functionality of the Good for Enterprise email client. (PDF Download) Date: 06/13/2012 | Size: 865 KB
iPhone 4S: CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application *PKI
This guide provides step-by-step instructions for initial setup and basic CAC-enabled web browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application (App). (PDF Download) Date: 09/17/2012 | Size: This guide provides step-by-step instructions for initial setup and basic CAC-enabled web browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application (App). (PDF Download) Date: 09/17/2012 | Size: 1,045 KB
iPhone 4S: Pairing with a baiMobile 3000MP Smart Card Reader (SCR) *PKI
This guide provides step-by-step instructions for pairing a baiMobile 3000MP SCR with an iPhone 4S to enable the smart card digital signature and encryption functionality of the Good for Enterprise email client. (PDF Download) Date: 06/13/2012 | Size: 883 KB
PKI-PKE