What are the CIS benchmarks for iOS security?
Devices are only as secure as end users enable them to be. Here's how IT can use CIS benchmarks to enforce strong iOS security standards across an organization.
Apple iOS devices are typically more secure than Google Android devices, but that doesn't mean they are without...
Mobile devices can present significant security risks, especially as users store sensitive company data and perform work-related tasks on their personal devices.
Fortunately, resources such as the Center for Internet Security (CIS) benchmarks -- best practices that prevent unauthorized access to IT systems and malicious attacks -- can help mitigate security risks for both corporate-owned and personal devices. IT can use these benchmarks as a checklist to secure and roll out basic security configurations for iOS devices.
All about CIS
The CIS community, which is made up of IT security professionals, continually updates and revises its standards to keep its security measures relevant. CIS scores its benchmarks from 0-100% to indicate how well an organization complies with each restriction. Failure to comply with a scored recommendation decreases the overall score; compliance increases it. CIS doesn't score certain recommendations, which means that compliance or noncompliance with them will not affect the organization's score.
CIS categorizes its benchmarks into two levels. IT admins can quickly implement a Level 1 profile recommendation with little to no effect on the performance of their organizations. CIS designs Level 2 profile recommendations, on the other hand, for environments in which security is a high priority. These recommendations are more difficult to implement and can affect an organization negatively if done incorrectly.
CIS benchmarks include particular settings for functionalities, applications, passcodes, notifications, domains, virtual private networks and email. Each recommendation typically includes profile applicability, which states whether the benchmark applies to COPE or BYOD devices; a description of the benchmark; a rationale that delves into the security consequences; an audit that describes which steps admins should take; and a remediation that includes any OS updates and patches.
CIS benchmarks for iOS security
CIS recommends that end users disable Siri when their devices are locked. The rationale is that an unauthorized user can use Siri to access information beyond the lock screen, such as contacts and messaging. The audit includes a set of directions to change this setting via the device settings or a configuration profile.
CIS also recommends that IT use encrypted backups and enable automatic updates and the Find My iPhone functionality. IT should disable the ability to display the control center and notification center on a locked screen, as well as the ability to screenshot and use screen recording.
CIS also recommends enforcing the following iOS settings:
- Change the cookie setting from "Websites I visit" to "From current website only".
- Set the auto-lock feature to two minutes or less.
- Set the grace period for devices to lock to immediately.
- Set the maximum number of failed attempts to enter the passcode to six.
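An added example (not from the article or from CIS) of how IT could turn the recommendations above into an automated check: it builds a two-payload iOS configuration profile as an XML plist and audits it the way a CIS scan would, reporting a 0-100% compliance figure plus one finding per failed setting. The payload types and key names are Apple's Restrictions and Passcode payload keys; the cookie and Find My settings are left out because the article's wording does not map cleanly onto a key, and the PayloadIdentifier values are constructed.

```python
import plistlib
import uuid

# Apple payload types that carry the settings the article lists.
RESTRICTIONS = "com.apple.applicationaccess"
PASSCODE = "com.apple.mobiledevice.passwordpolicy"

def num(v):  # plist <true/> loads as bool, and bool subclasses int: exclude it
    return isinstance(v, int) and not isinstance(v, bool)

# (payload type, key, pass predicate, expectation shown in a finding).
# allowScreenShot=false also disables screen recording on iOS.
CHECKS = [
    (RESTRICTIONS, "allowAssistantWhileLocked", lambda v: v is False, "Siri off on lock screen"),
    (RESTRICTIONS, "allowLockScreenControlCenter", lambda v: v is False, "no Control Center on lock screen"),
    (RESTRICTIONS, "allowLockScreenNotificationsView", lambda v: v is False, "no Notification Center on lock screen"),
    (RESTRICTIONS, "allowScreenShot", lambda v: v is False, "screenshots and screen recording off"),
    (RESTRICTIONS, "forceEncryptedBackup", lambda v: v is True, "encrypted backups forced"),
    (PASSCODE, "maxInactivity", lambda v: num(v) and v <= 2, "auto-lock within 2 minutes"),
    (PASSCODE, "maxGracePeriod", lambda v: num(v) and v == 0, "lock grace period immediate"),
    (PASSCODE, "maxFailedAttempts", lambda v: num(v) and v <= 6, "at most 6 failed passcode attempts"),
]

def payload(ptype, settings):
    """One payload dictionary inside a configuration profile (identifier is constructed)."""
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": str(uuid.uuid4()),
            "PayloadIdentifier": f"example.{ptype}", **settings}

def build_profile(restrictions, passcode):
    """Serialise a Restrictions + Passcode profile as the XML plist a .mobileconfig is."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.cis-ios", "PayloadUUID": str(uuid.uuid4()),
                           "PayloadContent": [payload(RESTRICTIONS, restrictions), payload(PASSCODE, passcode)]})

def audit_profile(profile_bytes):
    """Return (compliance percent, findings). A key that is absent fails the check:
    the device then keeps its own default rather than the benchmark value."""
    profile = plistlib.loads(profile_bytes)
    by_type = {p["PayloadType"]: p for p in profile.get("PayloadContent", [])}
    findings = []
    for ptype, key, ok, expect in CHECKS:
        value = by_type.get(ptype, {}).get(key)
        if value is None or not ok(value):
            findings.append(f"{key}={value!r}: expected {expect}")
    return round(100 * (len(CHECKS) - len(findings)) / len(CHECKS)), findings

# Constructed sample of a permissive profile: every check fails, so the score is 0.
WEAK_PROFILE = build_profile({"allowAssistantWhileLocked": True, "allowScreenShot": True},
                             {"maxInactivity": 15, "maxGracePeriod": 5, "maxFailedAttempts": 10})
```

Running `audit_profile(WEAK_PROFILE)` lists all eight findings; feeding it a profile exported from your MDM shows which of the article's settings are still unset.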