| 2.14 Audit Passwords System Preference Setting | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 3.2.1.1 Ensure 'Allow screenshots and screen recording' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.10 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONTINGENCY PLANNING |
| 3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.2.1.21 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.8.1 Ensure 'If Lost, Return to... Message' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| AIOS-15-003500 - Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams). | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007600 - Apple iOS/iPadOS 15 must not display notifications (calendar information) when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-009900 - Apple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-15-010500 - Apple iOS/iPadOS 15 must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-010600 - Apple iOS/iPadOS 15 must implement the management setting: not allow automatic completion of Safari browser passcodes. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011500 - Apple iOS/iPadOS 15 must implement the management setting: Treat AirDrop as an unmanaged destination. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011800 - Apple iOS/iPadOS 15 must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011900 - Apple iOS/iPadOS 15 users must complete required training. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012800 - Apple iOS/iPadOS 15 must disable allow setting up new nearby devices. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-014600 - Apple iOS/iPadOS 15 must disable copy/paste of data from managed to unmanaged applications. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-003500 - Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream) - iCloud Photo Sharing, also known as Shared Photo Streams. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-003600 - Apple iOS/iPadOS 18 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-006800 - Apple iOS/iPadOS 18 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | ACCESS CONTROL |
| AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-010000 - Apple iOS/iPadOS 18 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM - any nonfactory installed application] upon unenrollment from MDM. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | MEDIA PROTECTION |
| AIOS-18-013400 - The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-014400 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of dictation. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014600 - Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015100 - Apple iOS/iPadOS 18 must delete eSIM content when the device is erased. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | MEDIA PROTECTION |
| AIOS-18-015400 - Apple iOS/iPadOS 18 must disable ChatGPT and other external AI app connections in Apple Intelligence. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015800 - Apple iOS/iPadOS 18 must disable iPhone Mirroring on Mac. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016800 - Apple iOS/iPadOS 18 must disable AirPrint: Allow storage of AirPrint credentials in Keychain. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-017000 - Apple iOS/iPadOS 18 must disable Allowed Content Ratings (Movies). | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-017300 - Apple iOS/iPadOS 18 must disable the Apple Intelligence feature: Image Generation. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-017400 - Apple iOS/iPadOS 18 must disable the Apple Intelligence feature: generate new Genmoji. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
