Detections
Analytics

AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1

Audit Details

Name: AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1

Updated: 6/17/2024

Authority: CIS

Plugin: MDM

Revision: 1.13

Estimated Item Count: 27

File Details

Filename: CIS_Apple_iOS_10_End_User_Owned_L1_v2.0.0-AirWatch.audit

Size: 40.3 kB

MD5: fbaaafd8e6dc3221ecf1c44cca96541b
SHA256: 9e49b07a814c975642d56c21a056c72b5d9108b46db54bfd2f700ab5b5f2642b

Audit Items

DescriptionCategories
2.1.1 Ensure a 'Consent Message' has been 'Configured'
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'
2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'

ACCESS CONTROL

2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.8 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

ACCESS CONTROL

2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
2.2.1.11 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.12 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only'
2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'
2.4.1 Ensure 'Allow simple value' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

ACCESS CONTROL

2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'
2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

4.1 Ensure Device is not Obviously Jailbroken

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices