iOS Security

iOS is an operating system for smartphones and tablets, developed by Apple exclusively for its products.

This post discuss about some aspects of security on iOS.

iOS Security Certifications for Professionals

This section summarizes some certifications for professionals (i.e., people).

GIAC’s GIME

GIAC iOS and macOS Examiner (GIME) certification validates a practitioner’s knowledge of Mac and iOS computer forensic analysis and incident response skills. GIME-certified professionals are well-versed in traditional investigations as well as intrusion analysis scenarios for compromised Apple devices.

You can find more info about GIME on this external link.

iOS Hardening Guides

This is a non-exhaustive list of Android Hardening Guides

Apple Platform Security
CIS AppleiOS Benchmarks
DISA Android STIGs
NIST NCP
CNN STICs
Intune Security Baselines

This hardening guides could also called benchmark, guideline, guide, baseline or STIG.

In this post, we understand hardening guide as a document that provide advice or instructions about how to securely configure or deploy a system, in this case iOS.

Apple Platform Security

You can read about Apple Platform Security on this e x t e r n a l link.

CIS Apple iOS Benchmarks

Center of Internet Security (CIS) is a non-profit private organization for internet security.

CIS published a guide for securing Apple iOS, that can be found on this external link.

DISA Apple iOS STIGs

The Defense Information Systems Agency (DISA), that belongs to the Department of Defense (DoD) of the USA, develops Security Technical Implementation Guides (STIGs) for different operating system.

DISA develop and upload STIGs that are uploaded to the public STIG Document Library of the portal DoD Cyber Exchange, and can be access from this external link.

There is one Apple iOS STIG by DISA. You can filter them by choosing the filter group “Mobility” > “Smartphone”.

NIST NCP

USA National Institute of Standards and Technology (NIST) does not develop its own guidelines or baselines, but has a catalog called NCP (National Checklist Program) that collects both CIS benchmarks and DISA guidelines.

You can find the NCP on this external link.

You can filter by Target “Apple iOS” plus the version number to find the linked. You can also search the keyword “iOS”.

CCN STICs

Centro Criptologico Nacional (CCN) of the Government of Spain issues STICs (from the Spanish Seguridad de las Tecnologías de Información y Comunicaciones), that are security guides on different topics.

Some of these STICs guides are about Android:

CCN-STIC 454 “Seguridad en iPad (iOS 7)”
CCN-STIC 455 “Seguridad en iPhone (iOS 7)”

Intune Security Baselines

Intune is a Microsoft Mobile Device Management (MDM) tool that is compatible with iOS devices.

Intune has a security baseline for iOS.

Check this external link to read more about Intune’s iOS/iPadOS security configuration framework.