2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled'

Information

This recommendation pertains to encrypting iTunes backups of iOS devices.

Rationale:
Data that are stored securely on an iOS device may be trivially accessed from a local computer backup. Forcing the encryption of backups protects data from being compromised if the local host computer is compromised.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Restrictions tab.
4. In the right windowpane, under the tab Functionality, check the checkbox for Force encrypted backups.
5. Deploy the Configuration Profile.

Impact:
End-users must configure a password for the encrypted backup; the complexity of which is not managed.

See Also

https://workbench.cisecurity.org/files/2141