STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Apple iOS/iPadOS 17 BYOAD Security Technical Implementation Guide

Version

V1R2

Benchmark ID

Apple_iOS-iPadOS_17_BYOAD_STIG

Total Checks

19

Tags

mobile
CAT I: 4CAT II: 12CAT III: 3

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (19)

V-259742MEDIUMThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured for autonomous monitoring, compliance, and validation to ensure security/configuration settings of mobile devices do not deviate from the approved configuration baseline.V-259743MEDIUMThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to initiate autonomous monitoring, compliance, and validation prior to granting the BYOAD access to DOD information and IT resources.V-259744MEDIUMThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to detect if the BYOAD native security controls are disabled.V-259745MEDIUMThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to detect if known malicious, blocked, or prohibited applications are installed on the BYOAD (DOD-managed segment only).V-259746MEDIUMThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to detect if the BYOAD is configured to access nonapproved third-party applications stores (DOD-managed segment only).V-259747MEDIUMThe EMM detection/monitoring system must use continuous monitoring of enrolled iOS/iPadOS 17 BYOAD.V-259748MEDIUMThe iOS/iPadOS 17 BYOAD must be configured to either disable access to DOD data, IT systems, and user accounts or wipe managed data and apps if the EMM system detects native security controls are disabled.V-259749MEDIUMThe iOS/iPadOS 17 BYOAD must be configured to either disable access to DOD data, IT systems, and user accounts or wipe managed data and apps if the EMM system detects the BYOAD device has known malicious, blocked, or prohibited applications or is configured to access nonapproved managed third-party applications stores.V-259750MEDIUMThe iOS/iPadOS 17 BYOAD must be configured so that managed data and apps are removed if the device is no longer receiving security or software updates.V-259751HIGHThe BYOAD and DOD enterprise must be configured to limit access to only enterprise IT resources approved by the authorizing official (AO).V-259752LOWThe iOS/iPadOS 17 BYOAD must be configured to protect users' privacy, personal information, and applications.V-259753LOWThe EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to only wipe managed data and apps and not unmanaged data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.V-259754MEDIUMThe iOS/iPadOS 17 BYOAD must be deployed in Device Enrollment mode or User Enrollment mode.V-259755HIGHThe EMM system supporting the iOS/iPadOS 17 BYOAD must be NIAP validated (included on the NIAP list of compliant products or products in evaluation) unless the DOD CIO has granted an approved Exception to Policy (E2P).V-259756LOWThe User Agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.V-259757MEDIUMThe DOD Mobile Service Provider must not allow BYOADs in facilities where personally owned mobile devices are prohibited.V-259758MEDIUMThe iOS/iPadOS 17 BYOAD must be configured to disable device cameras and/or microphones when brought into DOD facilities where mobile phone cameras and/or microphones are prohibited.V-259759HIGHThe mobile device used for BYOAD must be NIAP validated.V-274440HIGHAll Apple iOS/iPadOS 17 BYOAD installations must be removed.