3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'

Information

This recommendation pertains to the factory reset functionality of iOS devices.

Rationale:
An institutionally owned device should not allow an end user to destroy data.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Restrictions tab.
4. In the right windowpane, under the tab Functionality, uncheck the checkbox for Allow Erase All Content and Settings.
5. Deploy the Configuration Profile.

See Also

https://workbench.cisecurity.org/files/2141

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|5.1

Plugin: MDM

Control ID: a368fde4ee828c0ab135c8d1a241716a35f6c16f784d09854e0301ba43ae1322