FINAL DRAFT. APPLE iOS 9 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) CONFIGURATION TABLE. Version 1, Release 0.1.




FINAL DRAFT
APPLE iOS 9 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) CONFIGURATION TABLE
Version 1, Release 0.1
18 September 2015
Developed by Apple and for the DoD

LIST OF TABLES
Table 1: Non-Supervised Controls
Table 2: Supervised Controls

Table 1: Non-Supervised Controls

General - Security Passcode Passcode Passcode Passcode Passcode Removal of configuration profile Allow Simple Value Require Alphanumeric value Minimum passcode length Minimum number of complex characters Maximum passcode age -Always -Never -With Authentication X Never AIOS-10-080103 Enable/Disable X Disable AIOS-01-080007 Enable/Disable X Disable 1-16 X 6 AIOS-01-080004 1-4, X 1-730, or None X None 1-15, or None X 1-5 recommended, 15 maximum allowable Passcode Passcode history 1-50, or None X None Passcode Maximum autolock AIOS-01-080002 Simple value passcodes include repeating, ascending, and descending character sequences. Device automatically locks when minutes elapse. If maximum auto-lock equals 15, the grace period shall be set to "Immediately".

Passcode Passcode Grace period for device lock -Immediately -1 min -5 min -15 min -1 hr -4 hrs X 15 minus value for maximum auto-lock time AIOS-01-080002 Maximum amount of time device can be locked without prompting for passcode on unlock. If maximum auto-lock equals 15, the grace period must be set to "Immediately". Maximum number of failed attempts 2-10 X 10 AIOS-01-080005 Allow use of camera Enable/Disable X Enable Allow FaceTime Enable/Disable X Disable "Disable" is a non-default value. Allow screenshots Enable/Disable X Disable Allow AirDrop Enable/Disable X Disable AIOS-05-080001 Allow voice dialing 080012 An iOS management tool can only enforce this setting on a Supervised iOS device. It is not required that iOS devices be Supervised. For devices that are not Supervised, users must manually enforce the setting on each device.

Allow Siri Enable/Disable X Enable Allow Siri while device is locked Allow installing apps Allow in-app purchase Require iTunes Store password for all purchases Allow iCloud backup Allow iCloud documents & data Allow iCloud keychain Allow managed apps to store data in iCloud Allow backup of enterprise books Allow notes and highlights sync for enterprise books Allow iCloud photo sharing 080011 Enable/Disable X Enable Enable/Disable X Disable Enable/Disable X Enable 080002 080003 080004 080103 080101 Enable/Disable X Enable 080006

Allow My Photo Stream 080005 Allow automatic sync while roaming Enable/Disable X Disable Force encrypted backups Enable/Disable X Enable AIOS-02-080017 Force limited ad tracking Enable/Disable X Enable AIOS-02-080008 Allow users to accept untrusted TLS certificates Enable/Disable X Enable Allow automatic updates to certificate trust settings Enable/Disable X Enable Allow documents from managed apps in unmanaged apps 080014 Allow documents from unmanaged apps in managed apps Enable/Disable X Disable Allow Handoff 080102 Allow Internet search results in Spotlight Enable/Disable X Enable

Applications Applications Allow sending diagnostic and usage data to Apple Allow Touch ID to unlock device Require passcode on first AirPlay pairing Allow access when unlocked- Wallet Show Control Center in Lock screen Show Notification Center in Lock screen Show Today view in Lock screen Allow use of YouTube Allow installing apps using App Store and Apple Configurator Allow adding Game Center friends 080007 080013 Enable/Disable X Enable AIOS-02-080104 Enable/Disable X Disable Enable/Disable X Disable 080009 080010 Enable/Disable X Enable iOS 4 and iOS 5 devices only Enable/Disable X Enable Control function changed in iOS 9 Enable/Disable X Disable

Force Apple Watch wrist detection Enable/Disable X Enable AIOS-11-080203 Media Content Allow use of Safari Enable/Disable X Enable Enable autofill 080016 Force fraud warning Enable/Disable X Enable Enable JavaScript Enable/Disable X Enable Block pop-ups Enable/Disable X Enable Accept Cookies Ratings region -Never -From visited sites -Always -Australia -Canada -France -Germany -Ireland -Japan -New Zealand -United Kingdom -United States X X From visited sites United States

Media Content Media Content Media Content Media Content Media Content Domains Exchange Active Sync Exchange Active Sync Exchange Active Sync Allowed Content Ratings (Movies) Allowed Content Ratings (TV Shows) Allowed Content Ratings () Allow playback of explicit, music, podcasts and iTunes U media Allow explicit sexual content in iBooks Store Unmarked Email Domains Varies by country X Allow All Movies Varies by country X Allow All TV Shows 4+/9+/12+/17+ X Allow All Enable/Disable X Disable Enable/Disable X Disable Add/Remove X Enterprise email domain Enable S/MIME Enable/Disable X Enable Use SSL Enable/Disable X Enable AIOS-03-080101 Past Days of Mail to Sync -No limit -1 day -3 days -1 week -2 weeks -1 month X No limit "No limit" is not a default setting.

Exchange Active Sync Exchange Active Sync Exchange Active Sync Exchange Active Sync Allow messages to be moved Enable/Disable X Disable AIOS-03-080102 Allow recent addresses to be synced Enable/Disable X Enable Use only in Mail Enable/Disable X Disable Prevents third-party apps from sending messages using the Exchange email account. Allow MailDrop 090100 Prevents users from using the iOS MailDrop feature. Control is New Certificates NA NA X NA It is not required to add certificates. If certificates are added, they must be DoD-approved certificates. MDM Server Option MDM Server Option App must be deleted when the MDM enrollment profile is removed Allow backup in Managed Enable/Disable X Enable AIOS-11-080202 Enable/Disable X Disable AIOS-11-080201 Must be configured on the MDM server for each Managed App. Must be configured on the MDM server for each Managed App.

Managed Domains Managed Safari Web Domains Add/Remove X List of .mil domains VPN Per App VPN Enable/Disable X Enable AIOS-11-080200 VPN Always-on VPN Enable/Disable X Enable AIOS-11-080200 An example configuration profile listing .mil domains will be provided as PKI-protected content at the IASE website (http://iase.disa.mil). Authorized individuals should visit the site for the latest guidance on appropriate use of managed domains. Not required if the Always-on VPN profile is enabled or a DoD-approved VPN profile is installed or if the App has VPN functions already included in the App. This setting is only Not required if the Per App VPN is enabled or a DoD-approved VPN profile is installed or the App has VPN functions already included in the App.

VPN VPN Function included in App Allow iCloud Photo Library NA X AIOS-11-080200 090101 Not required if the Always-on VPN profile is enabled or the Per App VPN is enabled or a DoD-approved VPN profile is installed. New Enable/Disable Treat AirDrop as unmanaged destination Enable/Disable X Enable AIOS-02-090102 New
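
The passcode rows of Table 1 can be checked automatically against an exported profile; the following is an added example, not part of the STIG, and it includes the rule that the grace period may not exceed 15 minus the auto-lock time. It assumes an unsigned .mobileconfig plist and maps the Table 1 rows to Apple's passcode payload keys (allowSimple, minLength, maxFailedAttempts, maxInactivity, maxGracePeriod); that mapping, the helper names, and treating a failed-attempt limit of 10 or lower as acceptable are assumptions of this example.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"


def build_profile(**settings):
    """Build a constructed test profile holding one passcode payload."""
    payload = {"PayloadType": PASSCODE_TYPE, **settings}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})


def check_passcode_payload(profile_bytes):
    """Return a list of (STIG ID, message) findings for the passcode payload."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return [("-", "no passcode payload in profile")]
    p = payloads[0]
    findings = []

    # An absent allowSimple key leaves simple passcodes allowed.
    if p.get("allowSimple", True):
        findings.append(("AIOS-01-080007", "simple passcodes are allowed"))
    if p.get("minLength", 0) < 6:
        findings.append(("AIOS-01-080004", "minimum length below 6"))
    failed = p.get("maxFailedAttempts")
    if failed is None or failed > 10:  # assumption: 10 or lower is acceptable
        findings.append(("AIOS-01-080005", "failed-attempt limit unset or above 10"))

    # Auto-lock and grace period (both in minutes) are judged together:
    # grace <= 15 - auto-lock, so auto-lock 15 forces grace 0 ("Immediately").
    lock = p.get("maxInactivity")
    grace = p.get("maxGracePeriod")
    if lock is None or not 1 <= lock <= 15:
        findings.append(("AIOS-01-080002", "auto-lock unset or above 15 minutes"))
    elif grace is None or grace > 15 - lock:
        findings.append(("AIOS-01-080002",
                         f"grace period must be at most {15 - lock} min "
                         f"with auto-lock at {lock} min"))
    return findings


if __name__ == "__main__":
    # Constructed sample: 10-minute auto-lock with a 15-minute grace period.
    sample = build_profile(allowSimple=False, minLength=6, maxFailedAttempts=10,
                           maxInactivity=10, maxGracePeriod=15)
    for stig_id, message in check_passcode_payload(sample):
        print(stig_id, message)
```
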

Table 2: Supervised Controls

Policy Group Policy Rule Options Allow manual install of configuration profiles Allow account modification Enable/Disable X Disable This setting is only Enable/Disable X Disable This setting is only Allow Game Center Enable/Disable X Disable This setting is only Multiplayer gaming Enable/Disable X Disable This setting is only Adding Game Center Friends Enable/Disable X Disable This setting is only Allow AirDrop This setting can be set in conjunction with treating AirDrop as unmanaged. Allow Find my friends Allow removal of apps Enable/Disable X Disable This setting is only Enable/Disable X Disable This setting is only

Allow pairing to computers for content sync Enable/Disable X Disable This setting is only Allow iMessage Enable Siri Profanity Filter Show User Generated content in Siri Allow iBooks Store Allow installing apps using App Store Allow automatic app downloads Allow Erase All Content and Allow modifying cellular data app Became a Supervised control iOS 9 Enable/Disable X Disable This setting is only New

settings Allow modifying device name New Allow modifying passcode New Allow modifying Touch ID fingerprints New Allow modifying restrictions Allow modifying Wallpaper New Allow pairing with Apple Watch Enable/Disable X Enable (if approved by AO) This setting is only New Allow Predictive keyboard New in iOS 8.4 Allow keyboard shortcuts New Allow auto correction New in iOS 8.4 Allow Spell check New in iOS 8.4 Allow Define New in iOS 8.4 Allow use of News New Allow use of Podcasts Allow Trusting new Enterprise App Authors devices are supervised Enable/Disable X Disable This setting is only New