Detections
Analytics

AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned

Updated: 11/25/2025

Authority: CIS

Plugin: MDM

Revision: 1.1

Estimated Item Count: 41

Audit Items

DescriptionCategories
2.1.1 Ensure a 'Consent Message' has been 'Configured'
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'
2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'
2.2.1.2 Ensure 'Allow Siri while device is locked' is set to 'Disabled'
2.2.1.3 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'
2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'
2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled'
2.2.1.7 Ensure 'Force automatic date and time' is set to 'Enabled'
2.2.1.8 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled'
2.2.1.9 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'
2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'
2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled'
2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled'
2.2.1.14 Ensure 'Show Control Center in Lock screen' is set to 'Disabled'
2.2.1.15 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled'
2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only'
2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'
2.4.1 Ensure 'Allow simple value' is set to 'Disabled'
2.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater
2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less
2.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately'
2.4.6 Ensure 'Maximum number of failed attempts' is set to '6'
2.5.1 Ensure 'Disable Association MAC Randomization' is 'Configured'
2.6.1 Ensure 'VPN' is 'Configured'
2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'
2.8.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'
3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled'
3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled'
3.5.1 Ensure 'Disable Association MAC Randomization' is 'Configured'
4.1.1 Review Manage Sharing & Access
4.1.2 Review Emergency Reset
4.1.4 Ensure 'App Privacy Report' is enabled
4.2 Ensure device is not obviously jailbroken or compromised
4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled'
4.4 Ensure 'Software Update' returns 'Your software is up to date.'
4.5 Review 'iCloud Private Relay' settings
4.6 Review 'Mail Privacy Protection' settings
4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled'
4.8 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end user-owned devices
4.10 Verify iPhone Mirroring Settings