STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Apple iOS/iPadOS 15 Security Technical Implementation Guide

Version

V1R4

Benchmark ID

Apple_iOS-iPadOS_15_STIG

Total Checks

64

Tags

mobile

CAT I: 3CAT II: 48CAT III: 13

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (64)

V-250919LOWApple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].V-250920MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud).V-250921MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud document and data synchronization).V-250922MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Keychain).V-250923MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (My Photo Stream).V-250924MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).V-250925MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (managed applications data stored in iCloud).V-250926MEDIUMApple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books).V-250927MEDIUMApple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.V-250928MEDIUMApple iOS/iPadOS 15 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM.V-250929MEDIUMApple iOS/iPadOS 15 must be configured to enforce a minimum password length of six characters.V-250930MEDIUMApple iOS/iPadOS 15 must be configured to not allow passwords that include more than two repeating or sequential characters.V-250931MEDIUMApple iOS/iPadOS 15 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.V-250932MEDIUMApple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity.V-250933MEDIUMApple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts.V-250934MEDIUMApple iOS/iPadOS 15 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].V-250935MEDIUMApple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked.V-250936MEDIUMApple iOS/iPadOS 15 allow list must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.V-250937MEDIUMApple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.V-250938MEDIUMApple iOS/iPadOS 15 must be configured to not display notifications when the device is locked.V-250939MEDIUMApple iOS/iPadOS 15 must not display notifications (calendar information) when the device is locked.V-250940LOWApple iOS/iPadOS 15 must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device.V-250941MEDIUMApple iOS/iPadOS 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.V-250942MEDIUMApple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.V-250943MEDIUMApple iOS/iPadOS 15 must be configured to disable multiuser modes.V-250944MEDIUMApple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.V-250945MEDIUMApple iOS/iPadOS 15 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM.V-250946MEDIUMApple iOS/iPadOS 15 must be configured to disable ad hoc wireless client-to-client connection capability.V-250947HIGHApple iOS/iPadOS 15 must require a valid password be successfully entered before the mobile device data is unencrypted.V-250948LOWApple iOS/iPadOS 15 must implement the management setting: limit Ad Tracking.V-250949LOWApple iOS/iPadOS 15 must implement the management setting: not allow automatic completion of Safari browser passcodes.V-250950MEDIUMApple iOS/iPadOS 15 must implement the management setting: Encrypt iTunes backups/Encrypt local backup.V-250951LOWApple iOS/iPadOS 15 must implement the management setting: not allow use of Handoff.V-250952LOWApple iOS/iPadOS 15 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.V-250953MEDIUMApple iOS/iPadOS 15 must implement the management setting: Disable Allow MailDrop.V-250954MEDIUMApple iOS/iPadOS 15 must implement the management setting: Disable Allow Shared Albums.V-250955HIGHiPhone and iPad must have the latest available iOS/iPadOS operating system installed.V-250956MEDIUMApple iOS/iPadOS 15 must implement the management setting: use SSL for Exchange ActiveSync.V-250957MEDIUMApple iOS/iPadOS 15 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 15 Mail app.V-250958MEDIUMApple iOS/iPadOS 15 must implement the management setting: Treat AirDrop as an unmanaged destination.V-250959LOWApple iOS/iPadOS 15 must implement the management setting: not have any Family Members in Family Sharing.V-250960MEDIUMApple iOS/iPadOS 15 must implement the management setting: not share location data through iCloud.V-250961LOWApple iOS/iPadOS 15 must implement the management setting: force Apple Watch wrist detection.V-250962MEDIUMApple iOS/iPadOS 15 users must complete required training.V-250963MEDIUMA managed photo app must be used to take and store work-related photos.V-250964MEDIUMApple iOS/iPadOS 15 must implement the management setting: enable USB Restricted Mode.V-250965LOWApple iOS/iPadOS 15 must not allow managed apps to write contacts to unmanaged contacts accounts.V-250966LOWApple iOS/iPadOS 15 must not allow unmanaged apps to read contacts from managed contacts accounts.V-250967LOWApple iOS/iPadOS 15 must implement the management setting: disable AirDrop.V-250968MEDIUMApple iOS/iPadOS 15 must implement the management setting: disable paired Apple Watch.V-250969MEDIUMApple iOS/iPadOS 15 must disable Password AutoFill in browsers and applications.V-250970MEDIUMApple iOS/iPadOS 15 must disable allow setting up new nearby devices.V-250971MEDIUMApple iOS/iPadOS 15 must disable password proximity requests.V-250972MEDIUMApple iOS/iPadOS 15 must disable password sharing.V-250973LOWApple iOS/iPadOS 15 must disable Find My Friends in the Find My app.V-250974MEDIUMThe Apple iOS/iPadOS 15 must be supervised by the MDM.V-250975MEDIUMApple iOS/iPadOS 15 must disable "Allow USB drive access in Files app" if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices.V-250976LOWThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.V-250977MEDIUMApple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.V-250978MEDIUMApple iOS/iPadOS 15 must disable "Allow network drive access in Files access".V-250979MEDIUMApple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of dictation.V-250980MEDIUMApple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of translation.V-250981MEDIUMApple iOS/iPadOS 15 must disable copy/paste of data from managed to unmanaged applications.V-259889HIGHAll Apple iOS/iPadOS 15 installations must be removed.