Secure Messaging

iMessage

Name: iMessage
Author: Apple

by Apple

Not FedRAMP Authorized

FedRAMP Status

Not FedRAMP Authorized

Impact Level

N/A

Overview

iMessage is the default messaging app on iPhones and is explicitly listed by DoD as not authorized for non-public DoD information. Because it is the default app, defense personnel and contractors frequently use it without thinking about compliance, creating one of the largest CUI leakage vectors.

CUI Risk Assessment

DoD memorandum explicitly lists iMessage as NOT authorized for non-public DoD information. Widely used because it is the default on iPhones, creating significant CUI leakage risk.

NIST 800-171 Violations

Using iMessage for CUI without FedRAMP authorization may violate these NIST 800-171 controls:

3.1.1 3.1.2 3.3.1 3.8.1 3.13.8

FedRAMP Compliant Alternatives

AWS Wickr

Amazon Web Services — High Impact

Microsoft Teams GCC High

Microsoft — High Impact

Frequently Asked Questions

Is iMessage approved for defense communications?

No. DoD memoranda explicitly prohibit iMessage for non-public DoD information. Its default status on iPhones makes it a common but unauthorized communication channel for CUI.

Run a Full Tech Stack Audit

Check all your enterprise tools at once with our free CUI Compliance Auditor.

Launch CUI Auditor

← CUI Compliance Auditor