macos_security/rules/os/os_force_encrypted_backups_enable.yaml at 7add53f768c014c19a46a8f35f18a8b226d6d396 · root3nl/macos_security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
id: os_force_encrypted_backups_enable
title: Ensure Force Encrypted Backups is Enabled
discussion: |
  iOS and iPadOS backups _MUST_ be encrypted.
check: ' '
fix: |
  This is implemented by a Configuration Profile.
references:
  cce:
    - CCE-95658-1
  cci:
    - CCI-000366
    - CCI-000370
    - CCI-000381
  800-53r5:
    - CM-7
    - CM-7(1)
    - CP-09(8)
    - SC-28
  sfr:
    - 'FMT_SMF_EXT.1.1 #47'
  disa_stig:
    - AIOS-26-010700
  indigo:
    - ANNEX D (Section 5.3 - Description of security/key management)
    - ANNEX K
  cis:
    benchmark:
      - 2.2.1.4 (level 1 - End-User Owned Devices)
      - 3.2.1.10 (level 1 - Institutionally-Owned Devices)
    controls v8:
      - 11.3
  bio:
    - 8.12
iOS:
  - '26.0'
tags:
  - ios
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
  - cis_lvl1_byod
  - cis_lvl2_byod
  - cis_lvl1_enterprise
  - cis_lvl2_enterprise
  - cisv8
  - indigo_base
  - indigo_high
  - cnssi-1253_moderate
  - cnssi-1253_low
  - cnssi-1253_high
  - ios_stig
  - nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true
mobileconfig_info:
  com.apple.applicationaccess:
    forceEncryptedBackup: true