Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
PP-MDF-331090 (Group)

Apple iOS/iPadOS 17 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device.
The system administrator must have the capability to configure VPN access to meet organization-specific policies based on mission needs. Otherwise, a user could inadvertently or maliciously set up ...
Rule, Low Severity

Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.
Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is p...
Rule, Medium Severity

Apple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity.
The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain ph...
Rule, Medium Severity

Apple iOS/iPadOS 17 must be configured to not display notifications when the device is locked.
Many mobile devices display notifications on the lock screen so users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new ...
Rule, Medium Severity

Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.
App data sharing gives apps the ability to access the data of other apps for enhanced user functionality. However, sharing also poses a significant risk that unauthorized users or apps will obtain ...
Rule, Medium Severity

Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.
When a mobile device will no longer be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much gre...
Rule, Medium Severity

Apple iOS/iPadOS 17 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 17 Mail app.
The Apple iOS/iPadOS Mail app can be configured to support multiple email accounts concurrently. These email accounts are likely to involve content of varying degrees of sensitivity (e.g., both per...
Rule, Medium Severity

Apple iOS/iPadOS 17 must not allow managed apps to write contacts to unmanaged contacts accounts.
Managed apps have been approved for the handling of DOD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DOD sensitive informat...
Rule, Low Severity

Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed.
DOD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the user is allowed to remove root and intermediate certificates, th...
Rule, Medium Severity