MobileIron - DISA Apple iOS 12 v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: MobileIron - DISA Apple iOS 12 v1r2

Updated: 3/7/2023

Authority: DISA STIG

Plugin: MDM

Revision: 1.8

Estimated Item Count: 42

File Details

Filename: DISA_STIG_Apple_iOS_12_v1r2-MobileIron.audit

Size: 67.9 kB

MD5: 0c4be9dd83925de7a3eea60cca94a293
SHA256: 88727efce2fcf09d19edc7f6225866990c24fae15a79f9fd2a4c076d6aee4f2e

Audit Items

Description | Categories
AIOS-12-000100 - Apple iOS must be configured to enforce a minimum password length of six characters.

IDENTIFICATION AND AUTHENTICATION

AIOS-12-000200 - Apple iOS must be configured to not allow passwords that include more than two repeating or sequential characters.

IDENTIFICATION AND AUTHENTICATION

AIOS-12-000300 - Apple iOS must be configured to lock the display after 15 minutes (or less) of inactivity.

ACCESS CONTROL

AIOS-12-000400 - Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.

ACCESS CONTROL

AIOS-12-000800 - If an unmanaged third-party VPN client is installed on the iOS device, it must not be configured with a DoD network (work) VPN profile.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-001000 - Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].
AIOS-12-001300 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.
AIOS-12-001400 - Apple iOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked.
AIOS-12-001800 - Apple iOS must not display notifications when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-001900 - Apple iOS must not display notifications (calendar information) when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-003600 - Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.
AIOS-12-004000 - Apple iOS must not allow backup of managed app data to locally connected systems.
AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-004300 - Apple iOS must not allow backup to remote systems (iCloud Keychain).
AIOS-12-004400 - Apple iOS must not allow backup to remote systems (My Photo Stream).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-004500 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-004600 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud).
AIOS-12-004700 - Apple iOS must not allow backup to remote systems (enterprise books).
AIOS-12-005600 - Apple iOS must not allow non-DoD applications to access DoD data.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-005800 - Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-008900 - Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data).
AIOS-12-010500 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.

ACCESS CONTROL

AIOS-12-010600 - Apple iOS must implement the management setting: limit Ad Tracking.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-12-010700 - Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes.

CONFIGURATION MANAGEMENT

AIOS-12-010800 - Apple iOS must implement the management setting: Encrypt iTunes backups.

ACCESS CONTROL

AIOS-12-010900 - Apple iOS must implement the management setting: not allow use of Handoff.
AIOS-12-011100 - Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop.
AIOS-12-011300 - Apple iOS must implement the management setting: Disable Allow Shared Albums.
AIOS-12-011400 - Apple iOS device must have the latest available iOS operating system installed.
AIOS-12-011500 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync.

SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-12-011600 - Apple iOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS Mail app.

ACCESS CONTROL

AIOS-12-011700 - Apple iOS must implement the management setting: Treat Airdrop as an unmanaged destination.
AIOS-12-011800 - Apple iOS must implement the management setting: not have any Family Members in Family Sharing.
AIOS-12-011900 - Apple iOS must implement the management setting: not share location data through iCloud.
AIOS-12-012100 - Apple iOS must implement the management setting: force Apple Watch wrist detection.
AIOS-12-012200 - Apple iOS users must complete required training.
AIOS-12-012300 - A managed photo app must be used to take and store work related photos.
AIOS-12-012500 - Apple iOS must implement the management setting: enable USB Restricted Mode.
AIOS-12-012600 - Apple iOS must not allow managed apps to write contacts to unmanaged contacts accounts.
AIOS-12-012700 - Apple iOS must not allow unmanaged apps to read contacts from managed contacts accounts.