没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
CIS Apple iOS 10 Benchmark
v2.0.0 - 05-15-2017
1 | P a g e
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike
4.0 International Public License. The link to the license terms can be found at
https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode
To further clarify the Creative Commons license related to CIS Benchmark content, you are
authorized to copy and redistribute the content for use by you, within your organization
and outside your organization for non-commercial purposes only, provided that (i)
appropriate credit is given to CIS, (ii) a link to the license is provided. Additionally, if you
remix, transform or build upon the CIS Benchmark(s), you may only distribute the modified
materials if they are subject to the same license terms as the original Benchmark license
and your derivative will no longer be a CIS Benchmark. Commercial use of CIS Benchmarks
is subject to the prior approval of the Center for Internet Security.
2 | P a g e
Table of Contents
Overview .................................................................................................................................................................. 6
Intended Audience ........................................................................................................................................... 6
Consensus Guidance ........................................................................................................................................ 6
Typographical Conventions ......................................................................................................................... 7
Scoring Information ........................................................................................................................................ 7
Profile Definitions ............................................................................................................................................ 8
Acknowledgements ......................................................................................................................................... 9
Recommendations ............................................................................................................................................. 10
1 Benchmark Guidance ............................................................................................................................... 10
2 Configuration Profile Recommendations for End-User Owned Devices .............................. 12
2.1 General .................................................................................................................................................. 12
2.1.1 (L1) Ensure a 'Consent Message' has been 'Configured' (Scored) ........................ 12
2.1.2 (L1) Ensure 'Controls when the profile can be removed' is set to 'Always'
(Scored) ................................................................................................................................................... 14
2.2 Restrictions .......................................................................................................................................... 15
2.2.1.1 (L1) Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'
(Scored) ................................................................................................................................................... 15
2.2.1.2 (L1) Ensure 'Allow Siri while device is locked' is set to 'Disabled' (Scored) . 17
2.2.1.3 (L1) Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'
(Scored) ................................................................................................................................................... 19
2.2.1.4 (L1) Ensure 'Force encrypted backups' is set to 'Enabled' (Not Scored) ........ 21
2.2.1.5 (L2) Ensure 'Allow users to accept untrusted TLS certificates' is set to
'Disabled' (Scored) .............................................................................................................................. 23
2.2.1.6 (L1) Ensure 'Allow documents from managed sources in unmanaged
destinations' is set to 'Disabled' (Scored) .................................................................................. 25
2.2.1.7 (L1) Ensure 'Allow documents from unmanaged sources in managed
destinations' is set to 'Disabled' (Scored) .................................................................................. 27
2.2.1.8 (L1) Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'
(Scored) ................................................................................................................................................... 29
3 | P a g e
2.2.1.9 (L2) Ensure 'Allow Handoff' is set to 'Disabled' (Scored) ..................................... 31
2.2.1.10 (L1) Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' (Scored)
..................................................................................................................................................................... 33
2.2.1.11 (L1) Ensure 'Show Control Center in Lock screen' is set to 'Disabled'
(Scored) ................................................................................................................................................... 35
2.2.1.12 (L1) Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'
(Scored) ................................................................................................................................................... 37
2.2.2.1 (L1) Ensure 'Force fraud warning' is set to 'Enabled' (Scored) .......................... 39
2.2.2.2 (L1) Ensure 'Accept cookies' is set to 'From websites I visit' or `From current
website only` (Scored) ....................................................................................................................... 41
2.3 Domains ................................................................................................................................................ 43
2.3.1 (L1) Ensure 'Managed Safari Web Domains' is `Configured` (Not Scored) ........ 43
2.4 Passcode ............................................................................................................................................... 45
2.4.1 (L1) Ensure 'Allow simple value' is set to 'Disabled' (Scored)................................ 45
2.4.2 (L1) Ensure 'Minimum passcode length' is set to '6' or greater (Scored) .......... 47
2.4.3 (L1) Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less (Scored) ........... 49
2.4.4 (L1) Ensure 'Maximum grace period for device lock' is set to 'Immediately'
(Scored) ................................................................................................................................................... 51
2.4.5 (L1) Ensure 'Maximum number of failed attempts' is set to '6' (Scored) ........... 53
2.5 VPN ......................................................................................................................................................... 55
2.5.1 (L1) Ensure 'VPN' is 'Configured' (Scored)..................................................................... 55
2.6 Mail ......................................................................................................................................................... 57
2.6.1 (L1) Ensure 'Allow user to move messages from this account' is set to
'Disabled' (Scored) .............................................................................................................................. 57
2.7 Notifications ........................................................................................................................................ 59
2.7.1 (L1) Ensure 'Notification Settings' are configured for all 'Managed Apps'
(Scored) ................................................................................................................................................... 59
3 Configuration Profile Recommendations for Institutionally Owned Devices .................... 61
3.1 General .................................................................................................................................................. 61
3.1.1 (L1) Ensure 'Controls when the profile can be removed' is set to 'Never'
(Scored) ................................................................................................................................................... 61
3.2 Restrictions .......................................................................................................................................... 63
4 | P a g e
3.2.1.1 (L2) Ensure 'Allow screenshots and screen recording' is set to 'Disabled' (Not
Scored) ..................................................................................................................................................... 63
3.2.1.2 (L1) Ensure 'Allow voice dialing while device is locked' is set to 'Disabled'
(Scored) ................................................................................................................................................... 65
3.2.1.3 (L1) Ensure 'Allow Siri while device is locked' is set to 'Disabled' (Scored) . 67
3.2.1.4 (L1) Ensure 'Allow iCloud backup' is set to 'Disabled' (Scored) ......................... 69
3.2.1.5 (L1) Ensure 'Allow iCloud documents & data' is set to 'Disabled' (Scored) ... 71
3.2.1.6 (L1) Ensure 'Allow iCloud Keychain' is set to 'Disabled' (Scored) ..................... 73
3.2.1.7 (L1) Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'
(Scored) ................................................................................................................................................... 75
3.2.1.8 (L1) Ensure 'Force encrypted backups' is set to 'Enabled' (Scored) ................ 77
3.2.1.9 (L1) Ensure 'Allow Erase All Content and Settings' is set to 'Disabled'
(Scored) ................................................................................................................................................... 79
3.2.1.10 (L2) Ensure 'Allow users to accept untrusted TLS certificates' is set to
'Disabled' (Not Scored) ...................................................................................................................... 81
3.2.1.11 (L1) Ensure 'Allow installing configuration profiles' is set to 'Disabled'
(Scored) ................................................................................................................................................... 83
3.2.1.12 (L2) Ensure 'Allow modifying cellular data app settings' is set to 'Disabled'
(Not Scored) ........................................................................................................................................... 85
3.2.1.13 (L2) Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled'
(Scored) ................................................................................................................................................... 87
3.2.1.14 (L1) Ensure 'Allow documents from managed sources in unmanaged
destinations' is set to 'Disabled' (Scored) .................................................................................. 89
3.2.1.15 (L1) Ensure 'Allow documents from unmanaged sources in managed
destinations' is set to 'Disabled' (Scored) .................................................................................. 91
3.2.1.16 (L1) Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'
(Scored) ................................................................................................................................................... 93
3.2.1.17 (L1) Ensure 'Allow Handoff' is set to 'Disabled' (Scored) ................................... 95
3.2.1.18 (L1) Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' (Scored)
..................................................................................................................................................................... 97
3.2.1.19 (L1) Ensure 'Show Control Center in Lock screen' is set to 'Disabled'
(Scored) ................................................................................................................................................... 99
3.2.1.20 (L1) Ensure 'Show Notification Center in Lock screen' is set to 'Disabled'
(Scored) ................................................................................................................................................. 101
剩余137页未读,继续阅读
资源评论
FEI891225
- 粉丝: 2
- 资源: 37
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功