2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled'

Information

This recommendation pertains to Apple's managed app implementation. The terms 'managed' and 'unmanaged' refer to app classifications made through Managed Open In, a feature of iOS 7 and later. Managed Open In provides for data containerization. Institutionally provisioned apps are designated managed. Apps elected by the end user are designated unmanaged.

Rationale:

Limiting data transfer from the unmanaged user app space to the managed institutional space limits institutional resources from being employed for personal use.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Restrictions' tab.
4. In the right windowpane, under the tab 'Functionality', 'uncheck' the checkbox for 'Allow documents from unmanaged sources in managed destinations'.
5. Deploy the Configuration Profile.

Impact:

None.

See Also

https://workbench.cisecurity.org/files/1688

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|14.4

Plugin: MDM

Control ID: 30e60ab9a9d9a184875b67f684840f4a038f9b3ad8b55129285edc8c044239d3