AirWatch - DISA Apple iOS/iPadOS 14 v1r3

Audit Details

Name: AirWatch - DISA Apple iOS/iPadOS 14 v1r3

Updated: 2/28/2023

Authority: DISA STIG

Plugin: MDM

Revision: 1.0

Estimated Item Count: 54

File Details

Filename: DISA_STIG_Apple_iOS_14_v1r3-AirWatch.audit

Size: 96.7 kB

MD5: 8d443d7fe2f17b1ffebbafd32f20f42c
SHA256: 21bc7a1918fc20b974758f62c2adf3740c4339b522ea023adcd15b6ebd604513

Audit Items

DescriptionCategories
AIOS-14-000100 - The mobile operating system must be configured to enforce a minimum password length of six characters.

IDENTIFICATION AND AUTHENTICATION

AIOS-14-000200 - The mobile operating system must be configured to not allow passwords that include more than two repeating or sequential characters.

CONFIGURATION MANAGEMENT

AIOS-14-000300 - The mobile operating system must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.

ACCESS CONTROL

AIOS-14-000400 - The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.

ACCESS CONTROL

AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-000700 - The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].

CONFIGURATION MANAGEMENT

AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.

ACCESS CONTROL

AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.

CONFIGURATION MANAGEMENT

AIOS-14-001500 - The mobile operating system must be configured to not display notifications when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-001600 - Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-003300 - The mobile operating system must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.

ACCESS CONTROL

AIOS-14-003600 - The mobile operating system must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

ACCESS CONTROL

AIOS-14-003700 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-003800 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-003900 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-004000 - Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-004100 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-004200 - Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-004300 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books).

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-007600 - Apple iOS/iPadOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data).

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-14-008800 - Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted.

SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-14-008900 - Apple iOS/iPadOS must implement the management setting: limit Ad Tracking.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

AIOS-14-009000 - Apple iOS/iPadOS must implement the management setting: not allow automatic completion of Safari browser passcodes.

CONFIGURATION MANAGEMENT

AIOS-14-009100 - Apple iOS/iPadOS must implement the management setting: Encrypt iTunes backups/Encrypt local backup.

CONFIGURATION MANAGEMENT

AIOS-14-009200 - Apple iOS/iPadOS must implement the management setting: not allow use of Handoff.

CONFIGURATION MANAGEMENT

AIOS-14-009300 - Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.

ACCESS CONTROL

AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-009500 - Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums.

CONFIGURATION MANAGEMENT

AIOS-14-009600 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed.

CONFIGURATION MANAGEMENT

AIOS-14-009700 - Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync.

IDENTIFICATION AND AUTHENTICATION

AIOS-14-009800 - Apple iOS/iPadOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS Mail app.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

AIOS-14-009900 - Apple iOS/iPadOS must implement the management setting: Treat AirDrop as an unmanaged destination.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

AIOS-14-010000 - Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

AIOS-14-010100 - Apple iOS/iPadOS must implement the management setting: not share location data through iCloud.

ACCESS CONTROL

AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection.

CONFIGURATION MANAGEMENT

AIOS-14-010300 - Apple iOS/iPadOS users must complete required training.

CONFIGURATION MANAGEMENT

AIOS-14-010400 - A managed photo app must be used to take and store work-related photos.

ACCESS CONTROL

AIOS-14-010600 - Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-010700 - Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-010800 - Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-010900 - Apple iOS/iPadOS must implement the management setting: disable AirDrop.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011100 - Apple iOS/iPadOS must disable Password AutoFill in browsers and applications.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011200 - Apple iOS/iPadOS must disable allow setting up new nearby devices.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011300 - Apple iOS/iPadOS must disable password proximity requests.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011400 - Apple iOS/iPadOS must disable password sharing.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011500 - Apple iOS/iPadOS must disable Find My Friends in the Find My app.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011600 - The Apple iOS/iPadOS must be supervised by the MDM.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

AIOS-14-011700 - Apple iOS/iPadOS must disable 'Allow USB drive access in Files app' if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices.

ACCESS CONTROL, CONFIGURATION MANAGEMENT