MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1

Audit Details

Name: MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1

Updated: 6/17/2024

Authority: CIS

Plugin: MDM

Revision: 1.13

Estimated Item Count: 27

File Details

Filename: CIS_Apple_iOS_11_End_User_Owned_L1_v1.0.0-MobileIron.audit

Size: 38.9 kB

MD5: 76a1350f358986e88cb527d6bfa3b164
SHA256: 613c27cf4e583b12f12063b0c2501d4a9e648aab805cdc4dfe917371c02cd98c

Audit Items

DescriptionCategories
2.1.1 Ensure a 'Consent Message' has been 'Configured'
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'

ACCESS CONTROL

2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'

ACCESS CONTROL

2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.8 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'
2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
2.2.1.11 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.12 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'

ACCESS CONTROL

2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only'

ACCESS CONTROL

2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'
2.4.1 Ensure 'Allow simple value' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

IDENTIFICATION AND AUTHENTICATION

2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'

ACCESS CONTROL

2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

ACCESS CONTROL

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

4.1 Ensure device is not obviously jailbroken

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices