| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.10 Ensure 'Force encrypted backups' is set to 'Enabled' | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.12 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.16 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.17 Ensure 'Force automatic date and time' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.21 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.23 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.24 Ensure 'Allow Handoff' is set to 'Disabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.26 Ensure 'Require Touch ID / Face ID authentication before AutoFill' is set to 'Enabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.28 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.31 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.32 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4.1 Ensure 'Allow simple value' is set to 'Disabled' | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | IDENTIFICATION AND AUTHENTICATION |
| 3.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | ACCESS CONTROL |
| 3.5.1 Ensure 'Disable Association MAC Randomization' is 'Configured' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.6.1 Ensure 'VPN' is 'Configured' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.9.1 Ensure 'If Lost, Return to...' Message is 'Configured' | ACCESS CONTROL |
| 4.1.1 Review Manage Sharing & Access | CONFIGURATION MANAGEMENT |
| 4.2 Ensure device is not obviously jailbroken or compromised | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure 'Software Update' returns 'Your software is up to date.' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Review 'iCloud Private Relay' settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Review 'Mail Privacy Protection' settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
