Check: AIOS-11-080202
Apple iOS 10 STIG:
AIOS-11-080202
(in versions v1 r3 through v1 r1)
Title
Apple iOS must wipe protected or sensitive data upon unenrollment from MDM. (Cat II impact)
Discussion
When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, so it is at much greater risk of unauthorized access and disclosure. SFR ID: FMT_SMF_EXT.2.1
Check Content
Note: The procedure below is exactly the same for requirement AIOS-10-080102. This procedure needs to be performed only once. Note: Not all Apple iOS deployments involve MDM. If the site uses an authorized alternative to MDM for distribution of configuration profiles, this check procedure is not applicable. This check procedure is performed on the Apple iOS management tool. In the Apple iOS management tool, for each managed app, verify the app is configured to be removed when the MDM profile is removed. If one or more managed apps are not set to be removed upon device MDM unenrollment, this is a finding.
Fix Text
Install a configuration profile to delete all managed apps upon device unenrollment.
Additional Identifiers
Rule ID: SV-86507r1_rule
Vulnerability ID: V-71883
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001028 |
The organization sanitizes organization-defined information system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures in accordance with applicable federal and organizational standards and policies. |