About this Guide

This guide provides instructions and techniques for Australian government agencies to harden the security of iOS 5 devices.

Implementing the techniques and settings found in this document can affect system functionality, and may not be appropriate for every user or environment.

However agencies wishing to differ from the mandatory controls specified in this guide must note that the product will no longer fall under the evaluated configuration. In these cases, agencies should seek approval for non-compliance from their agency head and/or accreditation authority to allow for the formal acceptance of the risks involved.

iOS Evaluation

As per the Evaluated Product List, the Defence Signals Directorate (DSD) has found Apple iOS data protection classes A and B to be suitable for downgrading the handling of PROTECTED information to that of Unclassified. This document provides guidance on policy that either must be enforced or is at the agency’s discretion.

iOS and the Australian Government Information Security Manual

This guide reflects policy specified in the ISM. Not all ISM requirements can currently be implemented on iOS 5 devices. In these cases, risk mitigation measures are provided (see Appendix E).

Chapter Six provides recommended passcode settings for iOS devices. This advice has been developed based on an assessment of security risks related specifically to iOS 5, and takes precedence over the non-platform specific advice in the ISM.