| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | |
| 2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always' | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | ACCESS CONTROL |
| 2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.8 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | |
| 2.2.1.11 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | ACCESS CONTROL |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | ACCESS CONTROL |
| 2.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | |
| 2.4.1 Ensure 'Allow simple value' is set to 'Disabled' | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | IDENTIFICATION AND AUTHENTICATION |
| 2.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | IDENTIFICATION AND AUTHENTICATION |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | ACCESS CONTROL |
| 2.5.1 Ensure 'VPN' is 'Configured' | ACCESS CONTROL |
| 2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | ACCESS CONTROL |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | |
