AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1

Audit Details

Name: AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1

Updated: 3/7/2023

Authority: CIS

Plugin: MDM

Revision: 1.7

Estimated Item Count: 35

File Details

Filename: CIS_Apple_iOS_12_Institutionally_Owned_L1_v1.0.0-AirWatch.audit

Size: 51.9 kB

MD5: d8b52e8eb9e0c131d643a9d396c0a8d7
SHA256: 6f1eef01c6db071172f007ef7c48a35ace860507f9d6950adee0a7a48f431bc5

Audit Items

DescriptionCategories
3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never'
3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.8 Ensure 'Force encrypted backups' is set to 'Enabled'

ACCESS CONTROL

3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.14 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.16 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.17 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.18 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

ACCESS CONTROL

3.2.1.19 Ensure 'Allow Handoff' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.20 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
3.2.1.21 Ensure 'Allow setting up new nearby devices' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.22 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.1.23 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'
3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only`
3.3.1 Ensure 'Managed Safari Web Domains' is `Configured`
3.4.1 Ensure 'Allow simple value' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater

IDENTIFICATION AND AUTHENTICATION

3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less

ACCESS CONTROL

3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'

ACCESS CONTROL

3.4.5 Ensure 'Maximum number of failed attempts' is set to '6'

ACCESS CONTROL

3.5.1 Ensure 'VPN' is 'Configured'
3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'

ACCESS CONTROL

3.8.1 Ensure 'If Lost, Return to... Message' is 'Configured'
4.1 Ensure device is not obviously jailbroken

ACCESS CONTROL

4.2 Ensure 'Software Update' returns 'Your software is up to date.'

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'