Detections
Analytics

AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1

Audit Details

Name: AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1

Updated: 6/17/2024

Authority: CIS

Plugin: MDM

Revision: 1.9

Estimated Item Count: 27

File Details

Filename: CIS_Apple_iOS_12_End_User_Owned_L1_v1.0.0-AirWatch.audit

Size: 39.8 kB

MD5: 419f8b663bc567210e7ae0d5c6f04818
SHA256: f07b6dabf3906ca52702807190d532660abe0dfd09b896070fdc03eb34c4e181

Audit Items

DescriptionCategories
2.1.1 Ensure a 'Consent Message' has been 'Configured'
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'
2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'

ACCESS CONTROL

2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.8 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

ACCESS CONTROL

2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
2.2.1.11 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.12 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only`
2.3.1 Ensure 'Managed Safari Web Domains' is `Configured`
2.4.1 Ensure 'Allow simple value' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

ACCESS CONTROL

2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'
2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

4.1 Ensure device is not obviously jailbroken

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices