STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Apple iOS/iPadOS 17 Security Technical Implementation Guide

Version

V2R2

Benchmark ID

Apple_iOS-iPadOS_17_STIG

Total Checks

65

Tags

mobile

CAT I: 4CAT II: 46CAT III: 15

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (65)

V-258310LOWApple iOS/iPadOS 17 must allow the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].V-258320MEDIUMApple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.V-258321MEDIUMApple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.V-258323MEDIUMApple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity.V-258324MEDIUMApple iOS/iPadOS 17 must be configured to not allow more than 10 consecutive failed authentication attempts.V-258325HIGHApple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.V-258326MEDIUMApple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].V-258327MEDIUMApple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked.V-258328MEDIUMApple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- transmits MD diagnostic data to non-DOD servers;- allows synchronization of data or applications between devices associated with user; and- allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers.V-258329MEDIUMApple iOS/iPadOS 17 must be configured to not display notifications when the device is locked.V-258330MEDIUMApple iOS/iPadOS 17 must not display notifications (calendar information) when the device is locked.V-258331LOWApple iOS/iPadOS 17 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.V-258332MEDIUMApple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.V-258333MEDIUMApple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.V-258334MEDIUMApple iPadOS 17 must be configured to disable multiuser modes.V-258335MEDIUMApple iOS/iPadOS 17 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM.V-258336MEDIUMApple iOS/iPadOS 17 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM.V-258337MEDIUMApple iOS/iPadOS 17 must be configured to disable ad hoc wireless client-to-client connection capability.V-258338HIGHApple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted.V-258339LOWApple iOS/iPadOS 17 must implement the management setting: limit Ad Tracking.V-258340LOWApple iOS/iPadOS 17 must implement the management setting: not allow automatic completion of Safari browser passcodes.V-258341MEDIUMApple iOS/iPadOS 17 must implement the management setting: Encrypt backups/Encrypt local backup.V-258342LOWApple iOS/iPadOS 17 must implement the management setting: not allow use of Handoff.V-258343LOWApple iOS/iPadOS 17 must implement the management setting: not allow use of iPhone widgets on Mac.V-258344LOWApple iOS/iPadOS 17 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device.V-258345LOWApple iOS/iPadOS 17 must implement the management setting: require passcode for incoming Airplay connection requests.V-258346MEDIUMApple iOS/iPadOS 17 must implement the management setting: Disable Allow MailDrop.V-258347HIGHiPhone and iPad must have the latest available iOS/iPadOS operating system installed.V-258348MEDIUMApple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync.V-258349MEDIUMApple iOS/iPadOS 17 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 17 Mail app.V-258350MEDIUMApple iOS/iPadOS 17 must implement the management setting: Treat AirDrop as an unmanaged destination.V-258351LOWApple iOS/iPadOS 17 must implement the management setting: not have any Family Members in Family Sharing.V-258352MEDIUMApple iOS/iPadOS 17 must implement the management setting: not share location data through iCloud.V-258353LOWApple iOS/iPadOS 17 must implement the management setting: force Apple Watch wrist detection.V-258354MEDIUMApple iOS/iPadOS 17 users must complete required training.V-258355MEDIUMA managed photo app must be used to take and store work-related photos.V-258356MEDIUMApple iOS/iPadOS 17 must implement the management setting: enable USB Restricted Mode.V-258357LOWApple iOS/iPadOS 17 must not allow managed apps to write contacts to unmanaged contacts accounts.V-258358LOWApple iOS/iPadOS 17 must not allow unmanaged apps to read contacts from managed contacts accounts.V-258359LOWApple iOS/iPadOS 17 must implement the management setting: disable AirDrop.V-258360MEDIUMApple iOS/iPadOS 17 must implement the management setting: disable paired Apple Watch.V-258361MEDIUMApple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM.V-258362MEDIUMApple iOS/iPadOS 17 must disable "Password AutoFill" in browsers and applications.V-258363MEDIUMApple iOS/iPadOS 17 must disable allow setting up new nearby devices.V-258364MEDIUMApple iOS/iPadOS 17 must disable password proximity requests.V-258365MEDIUMApple iOS/iPadOS 17 must disable password sharing.V-258366LOWApple iOS/iPadOS 17 must disable "Find My Friends" in the "Find My" app.V-258367MEDIUMThe Apple iOS/iPadOS 17 must be supervised by the MDM.V-258369LOWThe Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.V-258370MEDIUMApple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DOD security requirements.V-258371MEDIUMApple iOS/iPadOS 17 must disable "Allow network drive access in Files access".V-258372MEDIUMApple iOS/iPadOS 17 must disable connections to Siri servers for the purpose of dictation.V-258373MEDIUMApple iOS/iPadOS 17 must disable connections to Siri servers for the purpose of translation.V-258374MEDIUMApple iOS/iPadOS 17 must disable copy/paste of data from managed to unmanaged applications.V-258375MEDIUMApple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed.V-258376MEDIUMApple iOS/iPadOS 17 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.V-259186MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (iCloud).V-259187MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (iCloud document and data synchronization).V-259188MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (iCloud Keychain).V-259189MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (Cloud Photo Library).V-259190MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream).V-259191MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (managed applications data stored in iCloud).V-259192MEDIUMApple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books).V-259193MEDIUMApple iOS/iPadOS 17 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices.V-274438HIGHAll Apple iOS/iPadOS 17 installations must be removed.