Detections
Analytics

AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1

Updated: 10/22/2025

Authority: DISA STIG

Plugin: MDM

Revision: 1.1

Estimated Item Count: 35

File Details

Filename: DISA_STIG_Apple_iOS_17_BYOAD_v1r1-AirWatch.audit

Size: 57.9 kB

MD5: e1d6c4e77d35e0d116f63eb97e6e5a86
SHA256: 3132becea1b9f6f3d85349517ad79547a6df5034897f543f2fcb0b6f977e3a16

Audit Items

DescriptionCategories
AIOS-17-701000 - Apple iOS/iPadOS 17 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].
AIOS-17-703600 - Apple iOS/iPadOS 17 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud.
AIOS-17-703700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books.
AIOS-17-706500 - Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.
AIOS-17-706700 - Apple iOS/iPadOS 17 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
AIOS-17-706800 - Apple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity.
AIOS-17-706900 - Apple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.
AIOS-17-706950 - Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.
AIOS-17-707000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].
AIOS-17-707400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics:
AIOS-17-707500 - Apple iOS/iPadOS 17 must be configured to not display notifications when the device is locked.
AIOS-17-707600 - Apple iOS/iPadOS 17 must not display notifications (calendar information) when the device is locked - calendar information when the device is locked.
AIOS-17-708400 - Apple iOS/iPadOS 17 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.
AIOS-17-709200 - Apple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.
AIOS-17-709900 - Apple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.
AIOS-17-710000 - Apple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.
AIOS-17-710400 - Apple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted.
AIOS-17-710700 - Apple iOS/iPadOS 17 must implement the management setting: Encrypt backups/Encrypt local backup.
AIOS-17-710900 - Apple iOS/iPadOS 17 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device.
AIOS-17-710950 - Apple iOS/iPadOS 17 must implement the management setting: require passcode for incoming Airplay connection requests.
AIOS-17-711200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed.
AIOS-17-711300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync.
AIOS-17-711400 - Apple iOS/iPadOS 17 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 17 Mail app.
AIOS-17-711500 - Apple iOS/iPadOS 17 must implement the management setting: Treat AirDrop as an unmanaged destination.
AIOS-17-711800 - Apple iOS/iPadOS 17 must implement the management setting: force Apple Watch wrist detection.
AIOS-17-711900 - Apple iOS/iPadOS 17 users must complete required training.
AIOS-17-712000 - A managed photo app must be used to take and store work-related photos.
AIOS-17-712300 - Apple iOS/iPadOS 17 must not allow managed apps to write contacts to unmanaged contacts accounts.
AIOS-17-712400 - Apple iOS/iPadOS 17 must not allow unmanaged apps to read contacts from managed contacts accounts.
AIOS-17-713400 - The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
AIOS-17-714600 - Apple iOS/iPadOS 17 must disable copy/paste of data from managed to unmanaged applications.
AIOS-17-714700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed.
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.