AIOS-16-709900 - Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.

Information

When a mobile device will no longer be managed by MDM, its protected and sensitive enterprise data must be sanitized at unenrollment: once the MDM profile is removed, the MDM software no longer protects that data, leaving it at much greater risk of unauthorized access and disclosure.

Satisfies: PP-MDF-333300, PP-MDF-333310

SFR ID: FMT_SMF_EXT.2.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the MDM so that all managed apps (and their data) are removed when the device unenrolls from MDM. In Apple's MDM protocol this is not a configuration profile payload but a per-app setting on each managed app's install command (the "remove app when MDM profile is removed" management flag), so it is normally set on each managed app in the MDM console.
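Because Nessus does not perform this check, verification is manual: review how each managed app was pushed. The following added example (not part of the STIG or of Tenable's audit content) audits queued InstallApplication commands exported from an MDM server as plists and reports managed apps that would survive unenrollment. It relies on Apple's documented ManagementFlags bit values for the InstallApplication command (1 = remove app when MDM profile is removed, 4 = prevent backup of app data); the sample commands, UUIDs and store IDs are constructed for the example, and the export format (one plist per command) is an assumption about the MDM product.

```python
import plistlib

# ManagementFlags bit values in Apple's MDM InstallApplication command
# (Apple MDM protocol reference). Bit 1 is the setting this STIG item requires.
REMOVE_ON_UNENROLL = 1   # remove the app when the MDM profile is removed
PREVENT_BACKUP = 4       # prevent backup of the app's data

# Constructed sample: three InstallApplication commands as an MDM server
# might queue them, serialised as plists. Not taken from any real deployment.
SAMPLE_COMMANDS = [
    plistlib.dumps({
        "CommandUUID": "cmd-0001",
        "Command": {
            "RequestType": "InstallApplication",
            "iTunesStoreID": 123456789,
            "ManagementFlags": REMOVE_ON_UNENROLL | PREVENT_BACKUP,  # compliant
        },
    }),
    plistlib.dumps({
        "CommandUUID": "cmd-0002",
        "Command": {
            "RequestType": "InstallApplication",
            "iTunesStoreID": 987654321,
            "ManagementFlags": PREVENT_BACKUP,  # backup blocked, but app survives unenrollment
        },
    }),
    plistlib.dumps({
        "CommandUUID": "cmd-0003",
        "Command": {
            "RequestType": "InstallApplication",
            "ManifestURL": "https://mdm.example.test/apps/internal.plist",  # hypothetical
            # ManagementFlags omitted entirely: treated as 0, app survives unenrollment
        },
    }),
]


def app_label(cmd: dict) -> str:
    """Best-effort identifier for a managed app from its install command."""
    if "iTunesStoreID" in cmd:
        return f"iTunesStoreID:{cmd['iTunesStoreID']}"
    if "ManifestURL" in cmd:
        return f"ManifestURL:{cmd['ManifestURL']}"
    return "unknown-app"


def removes_on_unenroll(command_plist: bytes) -> bool:
    """True if this InstallApplication command removes the app at unenrollment."""
    cmd = plistlib.loads(command_plist)["Command"]
    if cmd.get("RequestType") != "InstallApplication":
        raise ValueError("not an InstallApplication command")
    # A missing key is the dangerous default: no flags means the app is kept.
    flags = int(cmd.get("ManagementFlags", 0))
    return bool(flags & REMOVE_ON_UNENROLL)


def noncompliant_apps(commands) -> list:
    """Return (CommandUUID, app label) for every managed app that would remain after unenrollment."""
    findings = []
    for raw in commands:
        doc = plistlib.loads(raw)
        if not removes_on_unenroll(raw):
            findings.append((doc["CommandUUID"], app_label(doc["Command"])))
    return findings


def harden(command_plist: bytes) -> bytes:
    """Return the same command with the remove-on-unenroll flag set (other flags preserved)."""
    doc = plistlib.loads(command_plist)
    cmd = doc["Command"]
    cmd["ManagementFlags"] = int(cmd.get("ManagementFlags", 0)) | REMOVE_ON_UNENROLL
    return plistlib.dumps(doc)


if __name__ == "__main__":
    for uuid, label in noncompliant_apps(SAMPLE_COMMANDS):
        print(f"FINDING: {uuid} ({label}) is not removed on unenrollment")
```

Run against a real export, every finding is a managed app whose data would stay on a BYOD device after it leaves management; fix it in the MDM console by enabling removal on unenrollment for that app (equivalent to what harden() does to the command), then re-push the app.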

See Also

https://public.cyber.mil/wp-content/uploads/U_Apple_iOS-iPadOS_16_BYOAD_Y25M07_STIG.zip