3.2.1.10 Ensure 'Force encrypted backups' is set to 'Enabled'

Information

This recommendation pertains to encrypting iTunes backups of iOS and iPadOS devices.

Rationale:
Data that are stored securely on an iOS or iPadOS device may be trivially accessed from a local computer. Forcing the encryption of backups significantly reduces the likelihood of sensitive data being compromised if the local host computer is compromised.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Restrictions tab.
4. In the right windowpane, under the tab Functionality, check the checkbox for Force encrypted backups.
5. Deploy the Configuration Profile.

Impact:
End-users must configure a password for the encrypted backup; the complexity of which is not managed.

See Also

https://workbench.cisecurity.org/files/2141