Skip to content

Apple iOS/iPadOS 16 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.

An XCCDF Rule

Description

<VulnDiscussion>When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected. SFR ID: FMT_SMF_EXT.2.1</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-254603r959010_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Install a configuration profile to delete all managed apps upon device unenrollment.