iOS is an operating system for smartphones and tablets, developed by Apple exclusively for its products.
This post discuss about some aspects of security on iOS.
iOS Security Certifications for Professionals
This section summarizes some certifications for professionals (i.e., people).
GIAC iOS and macOS Examiner (GIME) certification validates a practitioner’s knowledge of Mac and iOS computer forensic analysis and incident response skills. GIME-certified professionals are well-versed in traditional investigations as well as intrusion analysis scenarios for compromised Apple devices.
You can find more info about GIME on this external link.
iOS Hardening Guides
This is a non-exhaustive list of Android Hardening Guides
- Apple Platform Security
- CIS AppleiOS Benchmarks
- DISA Android STIGs
- NIST NCP
- CNN STICs
- Intune Security Baselines
This hardening guides could also called benchmark, guideline, guide, baseline or STIG.
In this post, we understand hardening guide as a document that provide advice or instructions about how to securely configure or deploy a system, in this case iOS.
Apple Platform Security
CIS Apple iOS Benchmarks
Center of Internet Security (CIS) is a non-profit private organization for internet security.
CIS published a guide for securing Apple iOS, that can be found on this external link.
DISA Apple iOS STIGs
The Defense Information Systems Agency (DISA), that belongs to the Department of Defense (DoD) of the USA, develops Security Technical Implementation Guides (STIGs) for different operating system.
DISA develop and upload STIGs that are uploaded to the public STIG Document Library of the portal DoD Cyber Exchange, and can be access from this external link.
There is one Apple iOS STIG by DISA. You can filter them by choosing the filter group “Mobility” > “Smartphone”.
USA National Institute of Standards and Technology (NIST) does not develop its own guidelines or baselines, but has a catalog called NCP (National Checklist Program) that collects both CIS benchmarks and DISA guidelines.
You can find the NCP on this external link.
You can filter by Target “Apple iOS” plus the version number to find the linked. You can also search the keyword “iOS”.
Centro Criptologico Nacional (CCN) of the Government of Spain issues STICs (from the Spanish Seguridad de las Tecnologías de Información y Comunicaciones), that are security guides on different topics.
Some of these STICs guides are about Android:
- CCN-STIC 454 “Seguridad en iPad (iOS 7)”
- CCN-STIC 455 “Seguridad en iPhone (iOS 7)”
Intune Security Baselines
Intune is a Microsoft Mobile Device Management (MDM) tool that is compatible with iOS devices.
Intune has a security baseline for iOS.
Check this external link to read more about Intune’s iOS/iPadOS security configuration framework.