| AIOS-17-701000 - Apple iOS/iPadOS 17 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | CONFIGURATION MANAGEMENT |
| AIOS-17-703600 - Apple iOS/iPadOS 17 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-703700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-706500 - Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-706700 - Apple iOS/iPadOS 17 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | ACCESS CONTROL |
| AIOS-17-706800 - Apple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | ACCESS CONTROL |
| AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts. | ACCESS CONTROL |
| AIOS-17-706950 - Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-707000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | CONFIGURATION MANAGEMENT |
| AIOS-17-707400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: | CONFIGURATION MANAGEMENT |
| AIOS-17-707500 - Apple iOS/iPadOS 17 must be configured to not display notifications when the device is locked. | ACCESS CONTROL |
| AIOS-17-707600 - Apple iOS/iPadOS 17 must not display notifications (calendar information) when the device is locked - calendar information when the device is locked. | ACCESS CONTROL |
| AIOS-17-708400 - Apple iOS/iPadOS 17 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device. | ACCESS CONTROL |
| AIOS-17-709200 - Apple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-17-710000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM. | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-17-710400 - Apple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-710700 - Apple iOS/iPadOS 17 must implement the management setting: Encrypt backups/Encrypt local backup. | CONFIGURATION MANAGEMENT |
| AIOS-17-710900 - Apple iOS/iPadOS 17 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device. | ACCESS CONTROL |
| AIOS-17-710950 - Apple iOS/iPadOS 17 must implement the management setting: require passcode for incoming Airplay connection requests. | ACCESS CONTROL |
| AIOS-17-711200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | CONFIGURATION MANAGEMENT |
| AIOS-17-711300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-711400 - Apple iOS/iPadOS 17 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 17 Mail app. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-711500 - Apple iOS/iPadOS 17 must implement the management setting: Treat AirDrop as an unmanaged destination. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-711800 - Apple iOS/iPadOS 17 must implement the management setting: force Apple Watch wrist detection. | CONFIGURATION MANAGEMENT |
| AIOS-17-711900 - Apple iOS/iPadOS 17 users must complete required training. | CONFIGURATION MANAGEMENT |
| AIOS-17-712000 - A managed photo app must be used to take and store work-related photos. | ACCESS CONTROL |
| AIOS-17-712300 - Apple iOS/iPadOS 17 must not allow managed apps to write contacts to unmanaged contacts accounts. | CONFIGURATION MANAGEMENT |
| AIOS-17-712400 - Apple iOS/iPadOS 17 must not allow unmanaged apps to read contacts from managed contacts accounts. | CONFIGURATION MANAGEMENT |
| AIOS-17-713400 - The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714600 - Apple iOS/iPadOS 17 must disable copy/paste of data from managed to unmanaged applications. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-714700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed. | CONFIGURATION MANAGEMENT |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
