3.2.1.19 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

Information

This recommendation pertains to Apple's managed app implementation.

The terms 'managed' and 'unmanaged' refer to app classifications made through Managed Open In, a feature introduced in iOS 7. Managed Open In provides for data containerization. Institutionally provisioned apps are designated managed. Apps elected by the end user are designated unmanaged.

Rationale:

Limiting data transfer from the managed institutional app space to the user space may prevent data leakage.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Restrictions tab.

In the right windowpane, under the tab Functionality, uncheck the checkbox for Allow documents from managed sources in unmanaged destinations.

Deploy the Configuration Profile.

See Also

https://workbench.cisecurity.org/files/3064