| AIOS-16-701000 - Apple iOS/iPadOS 16 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | CONFIGURATION MANAGEMENT |
| AIOS-16-703600 - Apple iOS/iPadOS 16 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-703700 - Apple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books) - enterprise books. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-706500 - Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-706600 - Apple iOS/iPadOS 16 must be configured to not allow passwords that include more than four repeating or sequential characters. | CONFIGURATION MANAGEMENT |
| AIOS-16-706700 - Apple iOS/iPadOS 16 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | ACCESS CONTROL |
| AIOS-16-706800 - Apple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | ACCESS CONTROL |
| AIOS-16-706900 - Apple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts. | ACCESS CONTROL |
| AIOS-16-707000 - Apple iOS/iPadOS 16 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | CONFIGURATION MANAGEMENT |
| AIOS-16-707400 - The Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics: | CONFIGURATION MANAGEMENT |
| AIOS-16-707500 - Apple iOS/iPadOS 16 must be configured to not display notifications when the device is locked. | ACCESS CONTROL |
| AIOS-16-707600 - Apple iOS/iPadOS 16 must not display notifications (calendar information) when the device is locked - calendar information when the device is locked. | ACCESS CONTROL |
| AIOS-16-708400 - The Apple iOS/iPadOS 16 device User Agreement must include the DOD advisory warning message. | ACCESS CONTROL |
| AIOS-16-709200 - Apple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709900 - Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM. | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-16-710400 - Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-710700 - Apple iOS/iPadOS 16 must implement the management setting: Encrypt iTunes backups/Encrypt local backup. | CONFIGURATION MANAGEMENT |
| AIOS-16-710900 - Apple iOS/iPadOS 16 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | ACCESS CONTROL |
| AIOS-16-711200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | CONFIGURATION MANAGEMENT |
| AIOS-16-711300 - Apple iOS/iPadOS 16 must implement the management setting: use SSL for Exchange ActiveSync. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-711400 - Apple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-711500 - Apple iOS/iPadOS 16 must implement the management setting: Treat AirDrop as an unmanaged destination. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-711800 - Apple iOS/iPadOS 16 must implement the management setting: force Apple Watch wrist detection. | CONFIGURATION MANAGEMENT |
| AIOS-16-711900 - Apple iOS/iPadOS 16 users must complete required training. | CONFIGURATION MANAGEMENT |
| AIOS-16-712000 - A managed photo app must be used to take and store work-related photos. | ACCESS CONTROL |
| AIOS-16-712300 - Apple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts. | CONFIGURATION MANAGEMENT |
| AIOS-16-712400 - Apple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts. | CONFIGURATION MANAGEMENT |
| AIOS-16-713400 - The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714600 - Apple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
