| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | CONFIGURATION MANAGEMENT |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.10 Ensure 'Force encrypted backups' is set to 'Enabled' | CONTINGENCY PLANNING |
| 3.2.1.11 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.15 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.17 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MEDIA PROTECTION |
| 3.2.1.19 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.20 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.21 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | ACCESS CONTROL |
| 3.2.1.22 Ensure 'Allow Handoff' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.23 Ensure 'Require Touch ID / Face ID authentication before AutoFill' is set to 'Enabled' | ACCESS CONTROL |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | ACCESS CONTROL |
| 3.2.1.25 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.2.1.26 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.27 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.2.1.28 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.1.29 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | ACCESS CONTROL |
| 3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | ACCESS CONTROL |
| 3.4.1 Ensure 'Allow simple value' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | ACCESS CONTROL |
| 3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | CONFIGURATION MANAGEMENT |
| 3.5.1 Ensure 'VPN' is 'Configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | ACCESS CONTROL |
| 3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | ACCESS CONTROL |
| 3.8.1 Ensure 'If Lost, Return to... Message' is 'Configured' | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | CONFIGURATION MANAGEMENT |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
