Skip to content

Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.

An XCCDF Rule

Description

<VulnDiscussion>When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected. SFR ID: FMT_SMF_EXT.2.1</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258335r927688_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Install a configuration profile to delete all managed apps upon device unenrollment.