AIOS-11-080202 - Apple iOS must wipe protected or sensitive data upon unenrollment from MDM.

Information

When a mobile device will no longer be managed by MDM technologies, its protected/sensitive data must be sanitized. Once the MDM software no longer protects that data, it is at much greater risk of unauthorized access and disclosure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to delete all managed apps upon device unenrollment.

See Also

http://iasecontent.disa.mil/stigs/zip/U_Apple_iOS_10_V1R3_STIG.zip