mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-06-11 03:20:29 +01:00
172 lines
6.8 KiB
YAML
172 lines
6.8 KiB
YAML
title: "iOS/iPadOS 26.0: Security Configuration - All Rules"
|
|
description: |
|
|
This guide describes the actions to take when securing a iOS/iPadOS 26.0 system against the All Rules security baseline.
|
|
|
|
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
|
|
authors: |
|
|
*macOS Security Compliance Project*
|
|
|
|
|===
|
|
|Bob Gendler|National Institute of Standards and Technology
|
|
|Dan Brodjieski|National Aeronautics and Space Administration
|
|
|Allen Golbig|Jamf
|
|
|===
|
|
parent_values: "recommended"
|
|
profile:
|
|
- section: "icloud"
|
|
rules:
|
|
- icloud_backup_disabled
|
|
- icloud_drive_disable
|
|
- icloud_enterprisebook_metadata_sync_disable
|
|
- icloud_keychain_disable
|
|
- icloud_managed_apps_store_data_disabled
|
|
- icloud_photo_stream_disable
|
|
- icloud_photos_disable
|
|
- icloud_shared_photo_stream_disable
|
|
- section: "ios"
|
|
rules:
|
|
- os_account_modification_disable
|
|
- os_airdrop_disable
|
|
- os_airdrop_unmanaged_destination_enable
|
|
- os_airplay_incoming_password_require
|
|
- os_airplay_outgoing_password_require
|
|
- os_airprint_credential_storage_disable
|
|
- os_airprint_disable
|
|
- os_airprint_force_trusted_TLS
|
|
- os_allow_contacts_read_managed_sources_unmanaged_destinations_disable
|
|
- os_allow_contacts_write_managed_sources_unmanaged_destinations_disable
|
|
- os_allow_documents_managed_sources_unmanaged_destinations_disable
|
|
- os_allow_documents_unmanaged_sources_managed_destinations_disable
|
|
- os_apple_watch_pairing_disable
|
|
- os_apple_watch_wrist_detection_enable
|
|
- os_application_allow_list
|
|
- os_application_deny_list
|
|
- os_authentication_password_autofill_enable
|
|
- os_auto_correction_disable
|
|
- os_auto_dim_allow
|
|
- os_auto_unlock_disable
|
|
- os_automatic_app_download_disable
|
|
- os_bluetooth_modification_disable
|
|
- os_call_recording_disable
|
|
- os_camera_disable
|
|
- os_chat_disable
|
|
- os_default_browser_modification_disable
|
|
- os_default_calling_modification_disable
|
|
- os_default_messaging_modification_disable
|
|
- os_definition_lookup_disable
|
|
- os_device_name_change_disable
|
|
- os_diagnostics_reports_disable
|
|
- os_diagnostics_reports_modification_disable
|
|
- os_disallow_enterprise_app_trust
|
|
- os_enterprise_books_disable
|
|
- os_erase_contents_and_settings_disable
|
|
- os_esim_delete
|
|
- os_esim_transfers_disable
|
|
- os_exchange_SMIME_encryption_certificate_overwrite_disable
|
|
- os_exchange_SMIME_encryption_default_certificate_overwrite_enable
|
|
- os_exchange_SMIME_encryption_enforce
|
|
- os_exchange_SMIME_encryption_per_message_disable
|
|
- os_exchange_SMIME_signing_certificate_overwrite_disable
|
|
- os_exchange_SMIME_signing_enabled
|
|
- os_exchange_SMIME_signing_overwrite_disable
|
|
- os_exchange_mail_recents_sync_disable
|
|
- os_exchange_notes_disable
|
|
- os_exchange_notes_user_override_disable
|
|
- os_exchange_peraccountVPN
|
|
- os_exchange_reminders_disable
|
|
- os_exchange_reminders_user_override_disable
|
|
- os_external_intelligence_integration_disable
|
|
- os_external_intelligence_integration_sign_in_disable
|
|
- os_facetime_disable
|
|
- os_files_network_drive_access_disable
|
|
- os_files_usb_drive_access_disable
|
|
- os_find_my_friends_disable
|
|
- os_force_date_and_time_enable
|
|
- os_force_encrypted_backups_enable
|
|
- os_genmoji_disable
|
|
- os_handoff_disable
|
|
- os_hide_apps_disable
|
|
- os_ibeacon_airprint_disable
|
|
- os_image_playground_disable
|
|
- os_image_wand_disable
|
|
- os_install_configuration_profile_disable
|
|
- os_install_vpn_configuration_disable
|
|
- os_iphone_mirroring_disable
|
|
- os_iphone_widgets_on_mac_disable
|
|
- os_limit_ad_tracking_enable
|
|
- os_live_text_disable
|
|
- os_mail_block_remote_content
|
|
- os_mail_maildrop_disable
|
|
- os_mail_move_messages_disable
|
|
- os_mail_smart_reply_disable
|
|
- os_mail_summary_disable
|
|
- os_marketplace_prevent
|
|
- os_modify_cellular_data_app_settings_disable
|
|
- os_movie_content_allowed
|
|
- os_network_known_only
|
|
- os_new_device_proximity_disable
|
|
- os_notes_transcription_disable
|
|
- os_notes_transcription_summary_disable
|
|
- os_on_device_dictation_enforce
|
|
- os_on_device_translation_enforce
|
|
- os_pairing_non_configurator_hosts_disable
|
|
- os_password_autofill_disable
|
|
- os_password_proximity_disable
|
|
- os_password_sharing_disable
|
|
- os_personalized_advertising_disable
|
|
- os_personalized_handwriting_disable
|
|
- os_predictive_keyboard_disable
|
|
- os_rapid_security_responses_install_enable
|
|
- os_rapid_security_responses_remove_disable
|
|
- os_rcs_messaging_disable
|
|
- os_require_managed_pasteboard_enforce
|
|
- os_safari_JavaScript_disable
|
|
- os_safari_cookies_set
|
|
- os_safari_force_fraud_warning_enable
|
|
- os_safari_password_autofill_disable
|
|
- os_safari_popups_disable
|
|
- os_safari_reader_summary_disable
|
|
- os_screen_observation_remote_disable
|
|
- os_screen_observation_unprompted_disable
|
|
- os_screenshots_disable
|
|
- os_show_calendar_lock_screen_disable
|
|
- os_show_control_center_lock_screen_disable
|
|
- os_show_notification_center_lock_screen_disable
|
|
- os_siri_allow_dictation_disable
|
|
- os_siri_assistant_disable
|
|
- os_siri_server_logging_disable
|
|
- os_siri_user_generated_content_disable
|
|
- os_siri_when_locked_disabled
|
|
- os_spell_check_disable
|
|
- os_ssl_for_exchange_activesync_enable
|
|
- os_supervised_mdm_require
|
|
- os_system_settings_find_my_device_disable
|
|
- os_system_settings_find_my_friends_modification_disable
|
|
- os_tv_content_allowed
|
|
- os_unpaired_boot_disable
|
|
- os_untrusted_tls_disable
|
|
- os_update_OTAPKI_allow
|
|
- os_update_auto_RSR_allow
|
|
- os_update_enforced_software_update_delay
|
|
- os_usb_accessories_when_locked_disable
|
|
- os_video_conferencing_remote_control_disable
|
|
- os_visual_intelligence_summary
|
|
- os_voice_dialing_when_locked_disabled
|
|
- os_web_distribution_app_installation_disable
|
|
- os_writing_tools_disable
|
|
- section: "passwordpolicy"
|
|
rules:
|
|
- pwpolicy_account_lockout_enforce
|
|
- pwpolicy_alpha_numeric_enforce
|
|
- pwpolicy_force_pin_enable
|
|
- pwpolicy_history_enforce
|
|
- pwpolicy_max_grace_period_enforce
|
|
- pwpolicy_max_inactivity_enforce
|
|
- pwpolicy_minimum_length_enforce
|
|
- pwpolicy_simple_sequence_disable
|
|
- section: "Supplemental"
|
|
rules:
|
|
- supplemental_bsi
|
|
- supplemental_cis_manual
|
|
- supplemental_stig
|