| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Force encrypted backups' is set to 'Enabled' | ACCESS CONTROL |
| 3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.16 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.17 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.18 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | ACCESS CONTROL |
| 3.2.1.19 Ensure 'Allow Handoff' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.20 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | |
| 3.2.1.21 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.22 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.23 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | |
| 3.4.1 Ensure 'Allow simple value' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | ACCESS CONTROL |
| 3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | |
| 3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | ACCESS CONTROL |
| 3.8.1 Ensure 'If Lost, Return to... Message' is 'Configured' | |
| 4.1 Ensure device is not obviously jailbroken | ACCESS CONTROL |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | |
