STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apple iOS/iPad OS 16 MDFPP 3.3 BYOAD Security Technical Implementation Guide

V-257096

CAT III (Low)

The EMM system supporting the iOS/iPadOS 16 BYOAD must be configured to only wipe managed data and apps and not unmanaged data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.

Rule ID

SV-257096r959010_rule

STIG

Apple iOS/iPad OS 16 MDFPP 3.3 BYOAD Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

DOD policy requires the protection and privacy of personal data and activities to the maximum extent possible on BYOADs. Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(5). SFR ID: FMT_SMF_EXT.1.1 #47

Check Content

Verify the EMM system administrators supporting the iOS/iPadOS 16 BYOAD have been trained to only wipe managed data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.

If the EMM system administrators supporting the iOS/iPadOS 16 BYOAD have not been trained to only wipe managed data and apps, this is a finding.

Fix Text

Train EMM system administrators supporting the iOS/iPadOS 16 BYOAD to only wipe managed data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.