3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled'

Information

This recommendation pertains to whether a message attachment can be uploaded and accessed through Apple's Mail Drop service.

NOTE: This recommendation only applies if an institutionally configured mail account resides on the iOS device.

Rationale:

Permitting attachment uploads to Mail Drop, which is outside organizational control, presents a data exfiltration path.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Mail tab.

In the right windowpane, uncheck the checkbox for Allow Mail Drop.

See Also

https://workbench.cisecurity.org/benchmarks/15548