STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide

Version

V1R2

Benchmark ID

Apple_iOS-iPadOS_16_BYOAD_STIG

Total Checks

31

Tags

mobile

CAT I: 3CAT II: 22CAT III: 6

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (31)

V-257104MEDIUMApple iOS/iPadOS 16 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device.V-257105MEDIUMApple iOS/iPadOS 16 must not allow backup to remote systems (managed applications data stored in iCloud).V-257106MEDIUMApple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books).V-257107MEDIUMApple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters.V-257108MEDIUMApple iOS/iPadOS 16 must be configured to not allow passwords that include more than four repeating or sequential characters.V-257110MEDIUMApple iOS/iPadOS 16 must be configured to lock the display after 15 minutes (or less) of inactivity.V-257111MEDIUMApple iOS/iPadOS 16 must be configured to not allow more than 10 consecutive failed authentication attempts.V-257112MEDIUMApple iOS/iPadOS 16 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].V-257113MEDIUMThe Apple iOS/iPadOS 16 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - transmits MD diagnostic data to non-DOD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers.V-257114MEDIUMApple iOS/iPadOS 16 must be configured to not display notifications when the device is locked.V-257115MEDIUMApple iOS/iPadOS 16 must not display notifications (calendar information) when the device is locked.V-257116LOWThe Apple iOS/iPadOS 16 device User Agreement must include the DOD advisory warning message.V-257117MEDIUMApple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.V-257118MEDIUMApple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.V-257119MEDIUMApple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.V-257120HIGHApple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted.V-257121MEDIUMApple iOS/iPadOS 16 must implement the management setting: Encrypt iTunes backups/Encrypt local backup.V-257122LOWApple iOS/iPadOS 16 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.V-257123HIGHiPhone and iPad must have the latest available iOS/iPadOS operating system installed.V-257124MEDIUMApple iOS/iPadOS 16 must implement the management setting: use SSL for Exchange ActiveSync.V-257125MEDIUMApple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app.V-257126MEDIUMApple iOS/iPadOS 16 must implement the management setting: Treat AirDrop as an unmanaged destination.V-257127LOWApple iOS/iPadOS 16 must implement the management setting: force Apple Watch wrist detection.V-257128MEDIUMApple iOS/iPadOS 16 users must complete required training.V-257129MEDIUMA managed photo app must be used to take and store work-related photos.V-257130LOWApple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts.V-257131LOWApple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts.V-257132LOWThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.V-257133MEDIUMApple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications.V-257134MEDIUMApple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.V-274442HIGHAll Apple iOS/iPadOS 16 BYOAD installations must be removed.