AIOS-11-080202 - Apple iOS must wipe protected or sensitive data upon unenrollment from MDM.

Information

When a mobile device will no longer be managed by MDM technologies, its protected/sensitive data must be sanitized. Once unenrolled, that data is no longer protected by the MDM software and is at much greater risk of unauthorized access and disclosure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to delete all managed apps upon device unenrollment.

See Also

http://iasecontent.disa.mil/stigs/zip/U_Apple_iOS_10_V1R3_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, MEDIA PROTECTION

References: 800-53|CM-6b., 800-53|MP-6a., CAT|II, CCI|CCI-000366, CCI|CCI-001028, Rule-ID|SV-86507r1_rule, STIG-ID|AIOS-11-080202, Vuln-ID|V-71883

Plugin: MDM

Control ID: fda61eb8d92cf86e47020ea53612ad7a4ce66d360ce40dadb8483abf004f2dee