AIOS-18-010000 - Apple iOS/iPadOS 18 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM.

Information

When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected.

SFRID: FMT_SMF_EXT.2.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to delete all managed apps upon device unenrollment.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_18_V1R1_STIG.zip

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6(3), CAT|II, CCI|CCI-001033, Rule-ID|SV-268020r1031200_rule, STIG-ID|AIOS-18-010000, Vuln-ID|V-268020

Plugin: MDM

Control ID: 4bdae1626194e951ee63474fbdb34250e16208ec1892cdc59703f812cd13c02f