AIOS-16-709900 - Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure.

Satisfies: PP-MDF-333300, PP-MDF-333310

SFR ID: FMT_SMF_EXT.2.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to delete all managed apps upon device unenrollment. This setting is normally configured on each managed app in the MDM.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS-iPadOS_16_BYOAD_Y23M08_STIG.zip