AIOS-17-009900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.

Information

When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected.

SFR ID: FMT_SMF_EXT.2.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to delete all managed apps upon device unenrollment.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_17_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, MEDIA PROTECTION

References: 800-53|CM-6b., 800-53|MP-6(3), CAT|II, CCI|CCI-000366, CCI|CCI-001033, Rule-ID|SV-258335r959010_rule, STIG-ID|AIOS-17-009900, Vuln-ID|V-258335

Plugin: MDM

Control ID: ee7e133b416d719d4b4c22c997b15ce9b3ef00d7b10ec534b98f6fb432b07b7b