Detections
Analytics

AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1

Audit Details

Name: AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1

Updated: 12/22/2023

Authority: CIS

Plugin: MDM

Revision: 1.8

Estimated Item Count: 27

File Details

Filename: CIS_Apple_iOS_12_End_User_Owned_L1_v1.0.0-AirWatch.audit

Size: 39.8 kB

MD5: b6f16cc6137d1792ad97f2cdd1d062ff
SHA256: f5342169feaabb57b936e8581e1fd7d1879c007d9090e7c929130f7da0277c05

Audit Items

DescriptionCategories
2.1.1 Ensure a 'Consent Message' has been 'Configured'
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'
2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'

ACCESS CONTROL

2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.8 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

ACCESS CONTROL

2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
2.2.1.11 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.1.12 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only`
2.3.1 Ensure 'Managed Safari Web Domains' is `Configured`
2.4.1 Ensure 'Allow simple value' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

ACCESS CONTROL

2.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

ACCESS CONTROL

2.5.1 Ensure 'VPN' is 'Configured'
2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

4.1 Ensure device is not obviously jailbroken

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'
4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices