Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- Apple iOS/iPadOS 16 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device.
  The system administrator must configure VPN access to meet organization-specific policies based on mission needs. Otherwise, a user could inadvertently or maliciously set up a VPN and connect to a ...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must not allow backup to remote systems (managed applications data stored in iCloud).
  If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploi...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters.
  Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is p...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity.
  The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain ph...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must not display notifications (calendar information) when the device is locked.
  Many mobile devices display notifications on the lock screen so users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new ...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
  Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connect...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.
  When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at m...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must implement the management setting: Encrypt iTunes backups/Encrypt local backup.
  When syncing an iPhone and iPad to a computer running iTunes, iTunes will prompt the user to back up the iPhone and iPad. If the performed backup is not encrypted, this could lead to the unauthoriz...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
  When a user is allowed to use AirPlay without a password, it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one...
  Rule, Low Severity
- Apple iOS/iPadOS 16 must implement the management setting: Treat AirDrop as an unmanaged destination.
  AirDrop is a way to send contact information or photos to other users with AirDrop enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has gained ac...
  Rule, Medium Severity
- Apple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts.
  Managed apps have been approved for the handling of DOD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DOD sensitive informat...
  Rule, Low Severity
- Apple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts.
  Managed apps have been approved for the handling of DOD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DOD sensitive informat...
  Rule, Low Severity