From Apple iOS 11 Security Technical Implementation Guide
Part of PP-MDF-991000
Associated with: CCI-000366
Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, the user can then change the configuration that had been enforced by that policy. Relaxing security policies may introduce vulnerabilities that the profiles had mitigated. Configuring a profile to never be removed mitigates this risk.
Review configuration settings to confirm configuration profiles are not removable.
Note: This requirement is only applicable to sites that use an authorized alternative to MDM for distribution of configuration profiles (for example, use Apple configurator) or are enrolled in Apple's Device Enrollment Program (DEP). Unless the site is enrolled in DEP, this requirement is not applicable for devices enrolled in MDM.
This check procedure is performed on both the Apple iOS management tool and the Apple iOS device. The procedures below assume the site is not enrolled in DEP and are not applicable to devices under MDM management.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the Apple iOS management tool, verify "Security" is set to "Never".
Alternatively, verify the text "
Configure the Apple iOS configuration profile such that it can never be removed.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer