AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1

Audit Details

Name: AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1

Updated: 6/17/2024

Authority: CIS

Plugin: MDM

Revision: 1.9

Estimated Item Count: 37

File Details

Filename: CIS_Apple_iOS_13_and_iPadOS_13_Institutionally_Owned_L1_v1.0.0-AirWatch.audit

Size: 57.5 kB

MD5: 212fa48a505f999af5028cab9b7da1b8
SHA256: f669768dcf914b95e5095250848f5c1d456e3b95d02593056fb7d3ad32d44c6e

Audit Items

DescriptionCategories
3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never'

CONFIGURATION MANAGEMENT

3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

ACCESS CONTROL

3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

ACCESS CONTROL

3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled'

ACCESS CONTROL

3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'

ACCESS CONTROL

3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

ACCESS CONTROL

3.2.1.10 Ensure 'Force encrypted backups' is set to 'Enabled'

CONTINGENCY PLANNING

3.2.1.11 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.13 Ensure 'Allow installing configuration profiles' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.14 Ensure 'Allow adding VPN configurations' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

3.2.1.16 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled'

MEDIA PROTECTION

3.2.1.18 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

ACCESS CONTROL

3.2.1.19 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

ACCESS CONTROL

3.2.1.20 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

ACCESS CONTROL

3.2.1.21 Ensure 'Allow Handoff' is set to 'Disabled'

ACCESS CONTROL

3.2.1.22 Ensure 'Require Touch ID / Face ID authentication before AutoFill' is set to 'Enabled'

ACCESS CONTROL

3.2.1.23 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'

ACCESS CONTROL

3.2.1.24 Ensure 'Allow setting up new nearby devices' is set to 'Disabled'

SECURITY ASSESSMENT AND AUTHORIZATION

3.2.1.25 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled'

ACCESS CONTROL

3.2.1.26 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

ACCESS CONTROL

3.2.1.27 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

ACCESS CONTROL

3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'

CONFIGURATION MANAGEMENT

3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only`

CONFIGURATION MANAGEMENT

3.3.1 Ensure 'Managed Safari Web Domains' is `Configured`

ACCESS CONTROL

3.4.1 Ensure 'Allow simple value' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

CONFIGURATION MANAGEMENT

3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

ACCESS CONTROL

3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

CONFIGURATION MANAGEMENT

3.5.1 Ensure 'VPN' is 'Configured'

SYSTEM AND COMMUNICATIONS PROTECTION

3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

ACCESS CONTROL

3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

3.8.1 Ensure 'If Lost, Return to... Message' is 'Configured'

ACCESS CONTROL

4.1 Ensure device is not obviously jailbroken

CONFIGURATION MANAGEMENT

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

CONFIGURATION MANAGEMENT

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY