iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
iOS Hardening Configuration Guide - DSD
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
�<br />
�<br />
�<br />
Passcode<br />
(can be set via a EAS deppending<br />
on<br />
version, , OR Conffiguration<br />
Profilee):<br />
�<br />
�<br />
�<br />
�<br />
�<br />
�<br />
�<br />
�<br />
�<br />
Profile Security<br />
should d be “Removve<br />
Always” if setting is for convennience<br />
for us sers<br />
that does nnot<br />
contain any a sensitivve<br />
data (e.g g. a subscrib bed calendaar<br />
of Australian<br />
public holiddays).<br />
Opt-In<br />
MDM proffiles<br />
would usually fit in nto this cateegory<br />
as we ell.<br />
Profile secuurity<br />
would usually be “ “Remove with w Passcod de” for profiles<br />
that you u may<br />
want IT staaff<br />
to remove e temporariily.<br />
Generally<br />
users wo ould not get the passco ode to<br />
such profilees.<br />
Most profilees<br />
that are not n MDM mmanaged<br />
wo ould be set to t “Never”. The Passco ode<br />
policy profile,<br />
if used, should s be sset<br />
to “Neve er”.<br />
a maximumm<br />
passcode length of 990<br />
days;<br />
require passscode<br />
on device; d<br />
do NOT alloow<br />
simple value v (i.e. PPIN);<br />
require alphhanumeric;<br />
minimum oof<br />
8 characte ers;<br />
auto-lock oof<br />
5 minutes s (Note: Current<br />
maxim mum allowed<br />
time on iOOS);<br />
history of 8 passwords s;<br />
immediate device lock k; and<br />
auto-wipe oon<br />
5 failed attempts. a<br />
Dependding<br />
on the EAS versio on, only somme<br />
of the ab bove may be e set by thee<br />
EAS Serve er, and<br />
a configguration<br />
proofile<br />
would be b required. .<br />
26 | Defence S ignals<br />
Directo<br />
rate