CIS-Apple-iOS-10-Benchmark-v2.0.0.pdf资源-CSDN文库

ios

安全评测

需积分: 5 49 浏览量 2023-08-20 14:25:39 上传评论收藏 1.46MB PDF 举报

资源推荐

资源详情

资源评论

CIS Apple iOS 10 Benchmark

v2.0.0 - 05-15-2017

2 | P a g e  
 
 
Table of Contents 
Overview .................................................................................................................................................................. 6 
Intended Audience ........................................................................................................................................... 6 
Consensus Guidance ........................................................................................................................................ 6 
Typographical Conventions ......................................................................................................................... 7 
Scoring Information ........................................................................................................................................ 7 
Profile Definitions ............................................................................................................................................ 8 
Acknowledgements ......................................................................................................................................... 9 
Recommendations ............................................................................................................................................. 10 
1 Benchmark Guidance ............................................................................................................................... 10 
2 Configuration Profile Recommendations for End-User Owned Devices .............................. 12 
2.1 General .................................................................................................................................................. 12 
2.1.1 (L1) Ensure a 'Consent Message' has been 'Configured' (Scored) ........................ 12 
2.1.2 (L1) Ensure 'Controls when the profile can be removed' is set to 'Always' 
(Scored) ................................................................................................................................................... 14 
2.2 Restrictions .......................................................................................................................................... 15 
2.2.1.1 (L1) Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 15 
2.2.1.2 (L1) Ensure 'Allow Siri while device is locked' is set to 'Disabled' (Scored) . 17 
2.2.1.3 (L1) Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 19 
2.2.1.4 (L1) Ensure 'Force encrypted backups' is set to 'Enabled' (Not Scored) ........ 21 
2.2.1.5 (L2) Ensure 'Allow users to accept untrusted TLS certificates' is set to 
'Disabled' (Scored) .............................................................................................................................. 23 
2.2.1.6 (L1) Ensure 'Allow documents from managed sources in unmanaged 
destinations' is set to 'Disabled' (Scored) .................................................................................. 25 
2.2.1.7 (L1) Ensure 'Allow documents from unmanaged sources in managed 
destinations' is set to 'Disabled' (Scored) .................................................................................. 27 
2.2.1.8 (L1) Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' 
(Scored) ................................................................................................................................................... 29 

| P a g e  
 
2.1.9 (L2) Ensure 'Allow Handoff' is set to 'Disabled' (Scored) ..................................... 31 
2.1.10 (L1) Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' (Scored)
 ..................................................................................................................................................................... 33 
2.1.11 (L1) Ensure 'Show Control Center in Lock screen' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 35 
2.1.12 (L1) Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 37 
2.2.1 (L1) Ensure 'Force fraud warning' is set to 'Enabled' (Scored) .......................... 39 
2.2.2 (L1) Ensure 'Accept cookies' is set to 'From websites I visit' or `From current 
website only` (Scored) ....................................................................................................................... 41 
3 Domains ................................................................................................................................................ 43 
3.1 (L1) Ensure 'Managed Safari Web Domains' is `Configured` (Not Scored) ........ 43 
4 Passcode ............................................................................................................................................... 45 
4.1 (L1) Ensure 'Allow simple value' is set to 'Disabled' (Scored)................................ 45 
4.2 (L1) Ensure 'Minimum passcode length' is set to '6' or greater (Scored) .......... 47 
4.3 (L1) Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less (Scored) ........... 49 
4.4 (L1) Ensure 'Maximum grace period for device lock' is set to 'Immediately' 
(Scored) ................................................................................................................................................... 51 
4.5 (L1) Ensure 'Maximum number of failed attempts' is set to '6' (Scored) ........... 53 
5 VPN ......................................................................................................................................................... 55 
5.1 (L1) Ensure 'VPN' is 'Configured' (Scored)..................................................................... 55 
6 Mail ......................................................................................................................................................... 57 
6.1 (L1) Ensure 'Allow user to move messages from this account' is set to 
'Disabled' (Scored) .............................................................................................................................. 57 
7 Notifications ........................................................................................................................................ 59 
7.1 (L1) Ensure 'Notification Settings' are configured for all 'Managed Apps' 
(Scored) ................................................................................................................................................... 59 
Configuration Profile Recommendations for Institutionally Owned Devices .................... 61 
1 General .................................................................................................................................................. 61 
1.1 (L1) Ensure 'Controls when the profile can be removed' is set to 'Never' 
(Scored) ................................................................................................................................................... 61 
2 Restrictions .......................................................................................................................................... 63 

4 | P a g e  
 
3.2.1.1 (L2) Ensure 'Allow screenshots and screen recording' is set to 'Disabled' (Not 
Scored) ..................................................................................................................................................... 63 
3.2.1.2 (L1) Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 65 
3.2.1.3 (L1) Ensure 'Allow Siri while device is locked' is set to 'Disabled' (Scored) . 67 
3.2.1.4 (L1) Ensure 'Allow iCloud backup' is set to 'Disabled' (Scored) ......................... 69 
3.2.1.5 (L1) Ensure 'Allow iCloud documents & data' is set to 'Disabled' (Scored) ... 71 
3.2.1.6 (L1) Ensure 'Allow iCloud Keychain' is set to 'Disabled' (Scored) ..................... 73 
3.2.1.7 (L1) Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 75 
3.2.1.8 (L1) Ensure 'Force encrypted backups' is set to 'Enabled' (Scored) ................ 77 
3.2.1.9 (L1) Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 79 
3.2.1.10 (L2) Ensure 'Allow users to accept untrusted TLS certificates' is set to 
'Disabled' (Not Scored) ...................................................................................................................... 81 
3.2.1.11 (L1) Ensure 'Allow installing configuration profiles' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 83 
3.2.1.12 (L2) Ensure 'Allow modifying cellular data app settings' is set to 'Disabled' 
(Not Scored) ........................................................................................................................................... 85 
3.2.1.13 (L2) Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 87 
3.2.1.14 (L1) Ensure 'Allow documents from managed sources in unmanaged 
destinations' is set to 'Disabled' (Scored) .................................................................................. 89 
3.2.1.15 (L1) Ensure 'Allow documents from unmanaged sources in managed 
destinations' is set to 'Disabled' (Scored) .................................................................................. 91 
3.2.1.16 (L1) Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' 
(Scored) ................................................................................................................................................... 93 
3.2.1.17 (L1) Ensure 'Allow Handoff' is set to 'Disabled' (Scored) ................................... 95 
3.2.1.18 (L1) Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' (Scored)
 ..................................................................................................................................................................... 97 
3.2.1.19 (L1) Ensure 'Show Control Center in Lock screen' is set to 'Disabled' 
(Scored) ................................................................................................................................................... 99 
3.2.1.20 (L1) Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' 
(Scored) ................................................................................................................................................. 101 