The Center for Internet Security (CIS) has developed and issued the CIS iPhone 2.2.1 Benchmark v1.0.0 (you must register to download the PDF, but both registration and the iPhone benchmark are free). Using the CIS iPhone benchmark, you can create policies and procedures around iPhone security that can help make the iPhone more acceptable as an enterprise mobile device.
Here is a high-level outline of the information provided in the CIS benchmark. The first section deals with settings that can be made directly on the phone. The second section deals with settings that are made through the iPhone Configuration Utility (ICU). ICU was developed by Apple to provide a tool for managing iPhones in the enterprise. It comes in both a Windows and a Mac OS X version. You can download ICU and other iPhone enterprise management tools from the Apple site.
- Settings on the iPhone
  - iPhone Settings
    - Update firmware to latest version
    - Turn on Airplane Mode
    - Turn off Wi-Fi
    - Forget networks to prevent automatic rejoin
    - Turn Off Ask to Join Networks
    - Turn VPN off when not needed
    - Turn Bluetooth off when not needed
    - Turn Location Services off
    - Set a passcode
    - Set auto-lock timeout
    - Disable show SMS preview when iPhone is locked
    - Erase data upon excessive passcode failures
    - Erase all data before return, repair, or recycle
  - Safari Settings
    - Disable JavaScript
    - Disable plug-ins
- iPhone Settings in the ICU
  - Passcode Settings
    - Require passcode on device
    - Require alphanumeric value
    - Set minimum passcode length
    - Set a minimum number of complex characters
    - Set maximum passcode age
    - Set auto-lock timeout
    - Erase data upon excessive passcode failures
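The ICU passcode settings listed above can be audited in an exported configuration profile. The following is an added example, not code from CIS or Apple: it assumes an unsigned profile in plist form, assumes the export uses the key names of Apple's passcode policy payload (`forcePIN`, `minLength` and so on), and uses threshold values that are placeholders rather than figures from the benchmark.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Assumed thresholds for illustration only; take real values from the
# benchmark or your own policy.
POLICY = {
    "minLength": 6,           # minimum passcode length
    "minComplexChars": 1,     # minimum number of complex characters
    "maxPINAgeInDays": 90,    # maximum passcode age
    "maxInactivity": 5,       # auto-lock timeout, minutes
    "maxFailedAttempts": 10,  # erase data after this many failures
}
AT_LEAST = {"minLength", "minComplexChars"}  # the rest are upper bounds


def audit_profile(data: bytes) -> list[str]:
    """Return findings for the passcode payload(s) in a profile."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload in profile"]
    findings = []
    for p in payloads:
        for flag in ("forcePIN", "requireAlphanumeric"):
            if not p.get(flag, False):
                findings.append(f"{flag}: not enforced")
        for key, limit in POLICY.items():
            value = p.get(key)
            if value is None:
                findings.append(f"{key}: not set")
            elif key in AT_LEAST and value < limit:
                findings.append(f"{key}: {value} is below {limit}")
            elif key not in AT_LEAST and value > limit:
                findings.append(f"{key}: {value} is above {limit}")
    return findings


def sample_profile(**overrides) -> bytes:
    """Build a constructed sample profile; pass key=None to omit a key."""
    payload = {"PayloadType": PASSCODE_TYPE, "forcePIN": True,
               "requireAlphanumeric": True, **POLICY, **overrides}
    payload = {k: v for k, v in payload.items() if v is not None}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    weak = sample_profile(minLength=4, requireAlphanumeric=False)
    print("\n".join(audit_profile(weak)) or "profile meets policy")
```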
If you are allowing iPhones to connect to the enterprise network, or to store or transmit any company data, I suggest you take a look at the CIS iPhone 2.2.1 Benchmark v1.0.0 document and take steps to lock the device down so it can be used securely.
