3.2.1.13 Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled'

Information

This recommendation pertains to allowing data communication with a host computer.

Rationale:

Host pairing is a process by which an iOS device creates a cryptographically verified connection with a trusted host computer. By disabling the addition of new host pairings, a variety of hardware based attacks on the device are blocked.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Restrictions' tab.
4. In the right windowpane, under the tab 'Functionality', 'uncheck' the checkbox for 'Allow pairing with non-Configurator hosts'.
5. Deploy the Configuration Profile.

Impact:

An end-user will not be able to sync media to and from the device.

See Also

https://workbench.cisecurity.org/files/1688