STIGQter: STIG Summary: Apple iOS 12 Security Technical Implementation Guide

Version: 1

Release: 2

Benchmark Date: 25 Jan 2019

| Name | Title |
| --- | --- |
| SV-96469r1_rule | Apple iOS must be configured to enforce a minimum password length of six characters. |
| SV-96471r1_rule | Apple iOS must be configured to not allow passwords that include more than two repeating or sequential characters. |
| SV-96473r1_rule | Apple iOS must be configured to lock the display after 15 minutes (or less) of inactivity. |
| SV-96475r1_rule | Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts. |
| SV-96477r1_rule | If an unmanaged third-party VPN client is installed on the iOS device, it must not be configured with a DoD network (work) VPN profile. |
| SV-96479r1_rule | Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. |
| SV-96481r1_rule | Apple iOS must not include applications with the following characteristics: Siri when the device is locked. |
| SV-96483r1_rule | Apple iOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked. |
| SV-96485r1_rule | Apple iOS must not display notifications when the device is locked. |
| SV-96487r1_rule | Apple iOS must not display notifications (calendar information) when the device is locked. |
| SV-96489r1_rule | Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device. |
| SV-96491r1_rule | Apple iOS must not allow backup of managed app data to locally connected systems. |
| SV-96493r1_rule | Apple iOS must not allow backup to remote systems (iCloud). |
| SV-96495r1_rule | Apple iOS must not allow backup to remote systems (iCloud document and data synchronization). |
| SV-96497r1_rule | Apple iOS must not allow backup to remote systems (iCloud Keychain). |
| SV-96501r1_rule | Apple iOS must not allow backup to remote systems (My Photo Stream). |
| SV-96503r1_rule | Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams). |
| SV-96505r1_rule | Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). |
| SV-96507r1_rule | Apple iOS must not allow backup to remote systems (enterprise books). |
| SV-96509r1_rule | Apple iOS must not allow non-DoD applications to access DoD data. |
| SV-96511r1_rule | Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. |
| SV-96513r1_rule | Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data). |
| SV-96521r1_rule | Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. |
| SV-96523r1_rule | Apple iOS must implement the management setting: limit Ad Tracking. |
| SV-96525r1_rule | Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes. |
| SV-96527r1_rule | Apple iOS must implement the management setting: Encrypt iTunes backups. |
| SV-96529r1_rule | Apple iOS must implement the management setting: not allow use of Handoff. |
| SV-96531r1_rule | Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. |
| SV-96533r1_rule | Apple iOS must implement the management setting: Disable Allow MailDrop. |
| SV-96535r1_rule | Apple iOS must implement the management setting: Disable Allow Shared Albums. |
| SV-96537r1_rule | Apple iOS device must have the latest available iOS operating system installed. |
| SV-96539r1_rule | Apple iOS must implement the management setting: use SSL for Exchange ActiveSync. |
| SV-96541r1_rule | Apple iOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS Mail app. |
| SV-96543r1_rule | Apple iOS must implement the management setting: Treat Airdrop as an unmanaged destination. |
| SV-96545r1_rule | Apple iOS must implement the management setting: not have any Family Members in Family Sharing. |
| SV-96547r1_rule | Apple iOS must implement the management setting: not share location data through iCloud. |
| SV-96549r1_rule | Apple iOS must implement the management setting: force Apple Watch wrist detection. |
| SV-96551r1_rule | Apple iOS users must complete required training. |
| SV-96553r1_rule | A managed photo app must be used to take and store work related photos. |
| SV-96555r1_rule | Apple iOS must implement the management setting: enable USB Restricted Mode. |
| SV-96645r1_rule | Apple iOS must not allow managed apps to write contacts to unmanaged contacts accounts. |
| SV-96647r1_rule | Apple iOS must not allow unmanaged apps to read contacts from managed contacts accounts. |