
Apple iOS/iPadOS 15 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: not allow use of Handoff.

    Handoff permits a user of an iPhone and iPad to transition user activities from one device to another. Handoff passes sufficient information between the devices to describe the activity, but app da...
    Rule Low Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: Disable Allow MailDrop.

    MailDrop allows users to send large attachments (up to 5 GB in size) via iCloud. Storing data with a non-DoD cloud provider may leave the data vulnerable to breach. Disabling non-DoD cloud services...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: Disable Allow Shared Albums.

    Storing data with a non-DoD cloud provider may leave the data vulnerable to breach. Disabling non-DoD cloud services mitigates this risk. Note: If the Authorizing Official (AO) has approved the us...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • iPhone and iPad must have the latest available iOS/iPadOS operating system installed.

    Required security features are not available in earlier OS versions. In addition, earlier versions may have known vulnerabilities. SFR ID: FMT_SMF_EXT.1.1 #47
    Rule High Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: use SSL for Exchange ActiveSync.

    Exchange email messages are a form of data in transit and thus are vulnerable to eavesdropping and man-in-the-middle attacks. Secure Sockets Layer (SSL), also referred to as Transport Layer Securit...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: not share location data through iCloud.

    Sharing of location data is an operational security (OPSEC) risk because it potentially allows an adversary to determine a DoD user's location, movements, and patterns in those movements over time....
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: force Apple Watch wrist detection.

    Because Apple Watch is a personal device, it is key that any sensitive DoD data displayed on the Apple Watch cannot be viewed when the watch is not in the immediate possession of the user. This con...
    Rule Low Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 users must complete required training.

    The security posture on iOS devices requires the device user to configure several required policy rules on their device. User Based Enforcement (UBE) is required for these controls. In addition, if...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: enable USB Restricted Mode.

    The USB Lightning port on an iOS device can be used to access data on the device. The required settings ensure the Apple device password is entered before a previously trusted USB accessory can con...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must not allow unmanaged apps to read contacts from managed contacts accounts.

    Managed apps have been approved for the handling of DoD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DoD sensitive informat...
    Rule Low Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must implement the management setting: disable AirDrop.

    AirDrop is a way to send contact information or photos to other users with this same feature enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has...
    Rule Low Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable Password AutoFill in browsers and applications.

    The AutoFill functionality in browsers and applications allows the user to complete a form that contains sensitive information, such as PII, without previous knowledge of the information. By allowi...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable allow setting up new nearby devices.

    This control allows Apple device users to request passwords from nearby devices. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passw...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable password sharing.

    This control allows sharing passwords between Apple devices using AirDrop. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passwords m...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable Find My Friends in the Find My app.

    This control does not share a DoD user's location but encourages location sharing between DoD mobile device users, which can lead to operational security (OPSEC) risks. Sharing the location of a Do...
    Rule Low Severity
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • PP-MDF-990000

    Group
  • Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.

    Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, the user can then change the configuration that had been enforced by that ...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable "Allow network drive access in Files access".

    Allowing network drive access by the Files app could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and syst...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of dictation.

    If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploi...
    Rule Medium Severity
  • PP-MDF-990000

    Group
  • Apple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of translation.

    If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploi...
    Rule Medium Severity
  • PP-MDF-990000

    Group
