AirWatch - DISA Apple iOS 10 v1r3

Audit Details

Name: AirWatch - DISA Apple iOS 10 v1r3

Updated: 6/17/2024

Authority: DISA STIG

Plugin: MDM

Revision: 1.12

Estimated Item Count: 39

File Details

Filename: DISA_STIG_Apple_iOS_10_v1r3-AirWatch.audit

Size: 66.9 kB

MD5: 70b7455f7cbb15b7a8afdedd7cfc0edb
SHA256: 7dd1d6b326c334d97e92706c82dd34e9845da63804ed5f05b8ed72f9fb7edaf6

Audit Items

DescriptionCategories
AIOS-01-080002 - Apple iOS must lock the display after 15 minutes (or less) of inactivity.

ACCESS CONTROL

AIOS-01-080004 - Apple iOS must enforce a minimum password length of six characters.

IDENTIFICATION AND AUTHENTICATION

AIOS-01-080005 - Apple iOS must not allow more than 10 consecutive failed authentication attempts.

ACCESS CONTROL

AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.

SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-01-080007 - Apple iOS must not allow passwords that include more than two repeating or sequential characters.

CONFIGURATION MANAGEMENT

AIOS-01-100100 - Apple iOS must be configured to wipe all sensitive DoD data and PII data during a remote wipe command from the MDM server.

CONFIGURATION MANAGEMENT

AIOS-02-080002 - Apple iOS must not allow backup to remote systems (iCloud).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080003 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080004 - Apple iOS must not allow backup to remote systems (iCloud Keychain).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080005 - Apple iOS must not allow backup to remote systems (My Photo Stream).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080006 - Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080007 - Apple iOS must disable automatic transfer of diagnostic data to an external device other than an enrolled MDM service.

CONFIGURATION MANAGEMENT

AIOS-02-080008 - Apple iOS must implement the management setting: limit Ad Tracking.

CONFIGURATION MANAGEMENT

AIOS-02-080009 - Apple iOS must not display notifications when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080010 - Apple iOS must not display notifications (calendar information) when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080011 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked.

CONFIGURATION MANAGEMENT

AIOS-02-080012 - Apple iOS must not include applications with the following: Voice dialing application if available when MD is locked.

CONFIGURATION MANAGEMENT

AIOS-02-080013 - Apple iOS must be configured to disable Touch ID.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

AIOS-02-080014 - Apple iOS must not allow non-DoD applications to access DoD data.

CONFIGURATION MANAGEMENT

AIOS-02-080016 - Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes.

CONFIGURATION MANAGEMENT

AIOS-02-080017 - Apple iOS must implement the management setting: Encrypt iTunes backups.

CONFIGURATION MANAGEMENT

AIOS-02-080101 - Apple iOS must not allow backup to remote systems (enterprise books).

CONFIGURATION MANAGEMENT

AIOS-02-080102 - Apple iOS must implement the management setting: not allow use of Handoff.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-080103 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud).

CONFIGURATION MANAGEMENT

AIOS-02-080104 - Apple iOS must implement the management setting: require password when connecting to AirPlay device for the first time.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-02-090100 - Apple iOS must implement the management setting: Disable Allow MailDrop.

CONFIGURATION MANAGEMENT

AIOS-02-090101 - Apple iOS must implement the management setting: Disable Allow iCloud Photo Library.

CONFIGURATION MANAGEMENT

AIOS-02-090103 - Apple iOS device must have the latest available iOS operating system installed.

CONFIGURATION MANAGEMENT

AIOS-03-080101 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync.

CONFIGURATION MANAGEMENT

AIOS-03-080102 - Apple iOS must implement the management setting: not allow Exchange messages to be forwarded or moved to other accounts.

CONFIGURATION MANAGEMENT

AIOS-05-080001 - Apple iOS must implement the management setting: Treat Airdrop as an unmanaged destination.

CONFIGURATION MANAGEMENT

AIOS-05-080101 - Apple iOS must implement the management setting: not have any Family Members in Family Sharing.

CONFIGURATION MANAGEMENT

AIOS-05-080102 - Apple iOS must implement the management setting: not share location data through iCloud.

CONFIGURATION MANAGEMENT

AIOS-10-080102 - Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM.

CONFIGURATION MANAGEMENT

AIOS-10-080103 - Apple iOS must implement the management setting: not allow user to remove profiles that enforce DoD security requirements.

CONFIGURATION MANAGEMENT

AIOS-11-080201 - Apple iOS must not allow backup to locally connected systems.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-11-080202 - Apple iOS must wipe protected or sensitive data upon unenrollment from MDM.

CONFIGURATION MANAGEMENT, MEDIA PROTECTION

AIOS-11-080203 - Apple iOS must implement the management setting: force Apple Watch wrist detection.

CONFIGURATION MANAGEMENT

AIOS-98-080208 - Before establishing a user session, display an administrator-specified advisory notice and consent warning banner.

CONFIGURATION MANAGEMENT