Apple iOS/iPadOS 15 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- Apple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity.
  The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain ph...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked.
  Requiring all authorized applications to be in an application allow list prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the allow list. Failure to c...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 allow list must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.
  Requiring all authorized applications to be in an application allow list prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the allow list. Failure to c...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.
  App data sharing gives apps the ability to access the data of other apps for enhanced user functionality. However, sharing also poses a significant risk that unauthorized users or apps will obtain ...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 must require a valid password be successfully entered before the mobile device data is unencrypted.
  Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of ...
  Rule, High Severity
- Apple iOS/iPadOS 15 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
  When a user is allowed to use AirPlay without a password, it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one...
  Rule, Low Severity
- Apple iOS/iPadOS 15 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 15 Mail app.
  The Apple iOS/iPadOS Mail app can be configured to support multiple email accounts concurrently. These email accounts are likely to involve content of varying degrees of sensitivity (e.g., both per...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 must implement the management setting: Treat AirDrop as an unmanaged destination.
  AirDrop is a way to send contact information or photos to other users with this same feature enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has...
  Rule, Medium Severity
- Apple iOS/iPadOS 15 must implement the management setting: not have any Family Members in Family Sharing.
  Apple's Family Sharing service allows Apple iOS/iPadOS users to create a Family Group whose members have several shared capabilities, including the ability to lock, wipe, play a sound on, or locate...
  Rule, Low Severity
- A managed photo app must be used to take and store work-related photos.
  The iOS Photos app is unmanaged and may sync photos with a device user's personal iCloud account. Therefore, work-related photos must not be taken via the iOS camera app or stored in the Photos app...
  Rule, Medium Severity