Apple iOS/iPadOS 26 must be configured to disable Wi-Fi Aware.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-278853 | PP-MDF-993300 | AIOS-26-018300 | SV-278853r1151257_rule | 2025-12-01 | 1 |
| Description |
|---|
| Wi-Fi Aware allows direct connections between nearby devices for fast data transfer, video streaming, and multiplayer gaming. It allows full peer-to-peer device discovery and communication where two or more devices are publishing and/or subscribing to the same known service name. There is risk that sensitive DOD information could be transferred from a DOD mobile device to a non-DOD device or from Work Profile apps on a DOD device to Personal Profile apps on a non-DOD device.<br>SFR ID: FMT_MOF_EXT.1.2 #47<br>SFR ID: FMT_SMF.1.1 #47 |
| ℹ️ Check |
|---|
| Confirm required Wi-Fi Aware procedures have been implemented.<br>1. Verify required training has been received by site personnel who have site managed iPhones and iPads (AIOS-26-0011900).<br>2. Verify the site reviewed all managed iOS/iPadOS apps installed on site managed iPhones and iPads for Wi-Fi Aware support and removed all apps that support Wi-Fi Aware. Discuss with the ISSO/ISSM. If the site also manages the deployment of unmanaged apps on site managed iPhones and iPads, verify unmanaged apps were also reviewed.<br>3. Review site app vetting procedures and verify they include review of Wi-Fi Aware capabilities in all apps. Verify apps with Wi-Fi Aware capability are disapproved for use.<br>If the site has not reviewed current managed apps for Wi-Fi Aware capabilities or did not remove Wi-Fi Aware capable apps, this is a finding.<br>If the site app vetting procedures do not include a review of Wi-Fi Aware capabilities in all apps or disapprove apps with Wi-Fi Aware capability, this is a finding. |
| ✔️ Fix |
|---|
| Remove Wi-Fi Aware-capable apps on site managed Apple iOS/iPadOS 26 devices. There are three steps to implementing this control:<br>1. Train all users to not accept connection requests from nearby devices. This requirement is met by AIOS-26-0011900.<br>2a. Review all MDM managed apps deployed to site iPhones and iPads. If an app supports Wi-Fi Aware, it must be removed from all site devices. Note: There is currently no management API/key to disable Wi-Fi Aware on Apple devices.<br>2b. If a site manages unmanaged apps on site iPhones and iPads, review all unmanaged apps deployed on site iPhones and iPads. If an app supports Wi-Fi Aware, it must be removed from all site devices.<br>3a. For managed apps being reviewed for approval, the site app vetting process must determine if the app supports Wi-Fi Aware. If Wi-Fi Aware is supported, the app must not be approved for use on site iPhones and iPads.<br>3b. If a site manages unmanaged apps on site iPhones and iPads, the site app vetting process must determine if the app supports Wi-Fi Aware. If Wi-Fi Aware is supported, the app must not be approved for use on site iPhones and iPads. |
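
The app review in steps 2 and 3 can be supported by a static check of each app package. This is an added example, not part of the STIG or of any Apple or MDM tool: it assumes the app is available as an .ipa archive and that, per Apple's developer documentation, an app using Wi-Fi Aware declares its services under the `WiFiAwareServices` key in Info.plist. The function names, decision strings and sample bundle are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# Assumption (Apple developer documentation, not the STIG text): an app that
# uses Wi-Fi Aware declares its services in Info.plist under this key.
WIFI_AWARE_KEY = "WiFiAwareServices"
# Main bundle Info.plist plus nested bundles such as PlugIns/*.appex.
BUNDLE_PLIST = re.compile(r"^Payload/[^/]+\.app/(?:.+/)?Info\.plist$")

def wifi_aware_declarations(ipa_bytes):
    """Map each Info.plist that declares Wi-Fi Aware to {service: [roles]}."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            if not BUNDLE_PLIST.match(name):
                continue
            try:
                info = plistlib.loads(ipa.read(name))  # XML or binary
            except Exception:
                found[name] = None  # unreadable plist: flag for manual review
                continue
            if isinstance(info, dict) and WIFI_AWARE_KEY in info:
                decl = info[WIFI_AWARE_KEY]
                found[name] = {
                    svc: sorted(roles) if isinstance(roles, dict) else []
                    for svc, roles in (decl.items() if isinstance(decl, dict) else [])
                }
    return found

def vetting_decision(ipa_bytes):
    """DISAPPROVE on a declaration; MANUAL_REVIEW if a plist was unreadable."""
    found = wifi_aware_declarations(ipa_bytes)
    if any(v is not None for v in found.values()):
        return "DISAPPROVE"
    return "MANUAL_REVIEW" if found else "NO_DECLARATION_FOUND"

def build_sample_ipa(info):
    """Constructed input: a minimal in-memory .ipa holding only Info.plist."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ipa:
        ipa.writestr("Payload/Sample.app/Info.plist",
                     plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
    return buf.getvalue()

if __name__ == "__main__":
    sample = {WIFI_AWARE_KEY: {"_example-xfer._tcp": {"Publishable": {}, "Subscribable": {}}}}
    print(vetting_decision(build_sample_ipa(sample)))
```

A `NO_DECLARATION_FOUND` result is a single static signal and does not replace the site app vetting procedure or the discussion with the ISSO/ISSM.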