AIOS-14-000100 - The mobile operating system must be configured to enforce a minimum password length of six characters. | IDENTIFICATION AND AUTHENTICATION |
AIOS-14-000200 - The mobile operating system must be configured to not allow passwords that include more than two repeating or sequential characters. | CONFIGURATION MANAGEMENT |
AIOS-14-000300 - The mobile operating system must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | ACCESS CONTROL |
AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts. | ACCESS CONTROL |
AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-000700 - The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | CONFIGURATION MANAGEMENT |
AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | ACCESS CONTROL |
AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked. | CONFIGURATION MANAGEMENT |
AIOS-14-001500 - The mobile operating system must be configured to not display notifications when the device is locked. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-001600 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-003300 - The mobile operating system must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device. | ACCESS CONTROL |
AIOS-14-003600 - The mobile operating system must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | ACCESS CONTROL |
AIOS-14-003700 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-003800 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-003900 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-004000 - Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-004200 - Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-004300 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-007600 - Apple iOS/iPadOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data). | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
AIOS-14-008800 - Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted. | SYSTEM AND COMMUNICATIONS PROTECTION |
AIOS-14-008900 - Apple iOS/iPadOS must implement the management setting: limit Ad Tracking. | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
AIOS-14-009000 - Apple iOS/iPadOS must implement the management setting: not allow automatic completion of Safari browser passcodes. | CONFIGURATION MANAGEMENT |
AIOS-14-009100 - Apple iOS/iPadOS must implement the management setting: Encrypt iTunes backups/Encrypt local backup. | CONFIGURATION MANAGEMENT |
AIOS-14-009200 - Apple iOS/iPadOS must implement the management setting: not allow use of Handoff. | CONFIGURATION MANAGEMENT |
AIOS-14-009300 - Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | ACCESS CONTROL |
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-009500 - Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums. | CONFIGURATION MANAGEMENT |
AIOS-14-009600 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | CONFIGURATION MANAGEMENT |
AIOS-14-009700 - Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync. | IDENTIFICATION AND AUTHENTICATION |
AIOS-14-009800 - Apple iOS/iPadOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS Mail app. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
AIOS-14-009900 - Apple iOS/iPadOS must implement the management setting: Treat AirDrop as an unmanaged destination. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
AIOS-14-010000 - Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
AIOS-14-010100 - Apple iOS/iPadOS must implement the management setting: not share location data through iCloud. | ACCESS CONTROL |
AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | CONFIGURATION MANAGEMENT |
AIOS-14-010300 - Apple iOS/iPadOS users must complete required training. | CONFIGURATION MANAGEMENT |
AIOS-14-010400 - A managed photo app must be used to take and store work-related photos. | ACCESS CONTROL |
AIOS-14-010600 - Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-010700 - Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-010800 - Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-010900 - Apple iOS/iPadOS must implement the management setting: disable AirDrop. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011100 - Apple iOS/iPadOS must disable Password AutoFill in browsers and applications. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011200 - Apple iOS/iPadOS must disable allow setting up new nearby devices. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011300 - Apple iOS/iPadOS must disable password proximity requests. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011400 - Apple iOS/iPadOS must disable password sharing. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011500 - Apple iOS/iPadOS must disable Find My Friends in the Find My app. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011600 - The Apple iOS/iPadOS must be supervised by the MDM. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-011700 - Apple iOS/iPadOS must disable 'Allow USB drive access in Files app' if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |