STIGQter: STIG Summary: Apple iOS/iPadOS 13 Security Technical Implementation Guide

Version: 1

Release: 1

Benchmark Date: 19 Sep 2019

| Name | Title |
|---|---|
| SV-106523r1_rule | Apple iOS/iPadOS must be configured to enforce a minimum password length of six characters. |
| SV-106525r1_rule | Apple iOS/iPadOS must be configured to not allow passwords that include more than two repeating or sequential characters. |
| SV-106527r1_rule | Apple iOS/iPadOS must be configured to lock the display after 15 minutes (or less) of inactivity. |
| SV-106529r1_rule | Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts. |
| SV-106531r1_rule | If an unmanaged third-party VPN client is installed on the iOS/iPadOS device, it must not be configured with a DoD network (work) VPN profile. |
| SV-106533r1_rule | Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. |
| SV-106535r1_rule | Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. |
| SV-106537r1_rule | Apple iOS/iPadOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked. |
| SV-106539r1_rule | Apple iOS/iPadOS must not display notifications when the device is locked. |
| SV-106541r1_rule | Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked. |
| SV-106543r1_rule | Apple iOS/iPadOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device. |
| SV-106545r1_rule | Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems. |
| SV-106547r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (iCloud). |
| SV-106549r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization). |
| SV-106551r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain). |
| SV-106553r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream). |
| SV-106555r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams). |
| SV-106557r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud). |
| SV-106559r1_rule | Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). |
| SV-106561r1_rule | Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. |
| SV-106563r1_rule | Apple iOS/iPadOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. |
| SV-106565r1_rule | Apple iOS/iPadOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data). |
| SV-106567r1_rule | Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted. |
| SV-106569r1_rule | Apple iOS/iPadOS must implement the management setting: limit Ad Tracking. |
| SV-106571r1_rule | Apple iOS/iPadOS must implement the management setting: not allow automatic completion of Safari browser passcodes. |
| SV-106573r1_rule | Apple iOS/iPadOS must implement the management setting: Encrypt iTunes backups / Encrypt local backup. |
| SV-106575r1_rule | Apple iOS/iPadOS must implement the management setting: not allow use of Handoff. |
| SV-106577r1_rule | Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. |
| SV-106579r1_rule | Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. |
| SV-106581r1_rule | Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums. |
| SV-106583r1_rule | iPhone and iPad must have the latest available iOS operating system installed. |
| SV-106585r1_rule | Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync. |
| SV-106587r1_rule | Apple iOS/iPadOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS Mail app. |
| SV-106589r1_rule | Apple iOS/iPadOS must implement the management setting: Treat Airdrop as an unmanaged destination. |
| SV-106591r1_rule | Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing. |
| SV-106593r1_rule | Apple iOS/iPadOS must implement the management setting: not share location data through iCloud. |
| SV-106595r1_rule | Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. |
| SV-106597r1_rule | Apple iOS/iPadOS users must complete required training. |
| SV-106599r1_rule | A managed photo app must be used to take and store work-related photos. |
| SV-106601r1_rule | Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode. |
| SV-106603r1_rule | Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts. |
| SV-106605r1_rule | Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts. |
| SV-106607r1_rule | Apple iOS/iPadOS must implement the management setting: disable AirDrop. |
| SV-106609r1_rule | Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. |
| SV-106611r1_rule | Apple iOS/iPadOS must disable password autofill in browsers and applications. |
| SV-106613r1_rule | Apple iOS/iPadOS must disable allow setting up new nearby devices. |
| SV-106615r1_rule | Apple iOS/iPadOS must disable password proximity requests. |
| SV-106617r1_rule | Apple iOS/iPadOS must disable password sharing. |
| SV-106619r1_rule | Apple iOS/iPadOS must disable Find My Friends in the Find My app. |
| SV-106621r1_rule | The Apple iOS/iPadOS must be Supervised by the MDM. |
| SV-106623r1_rule | Apple iOS/iPadOS must disable Allow USB drive access in Files access if the AO has not approved the use of DoD approved USB storage drives with iOS/iPadOS devices. |