Businesses considering or already issuing Apple iPhones as an enterprise approved smartphone option now have a prescriptive benchmark on how best to arrive at a secure configuration.
The Center for Internet Security has announced the release of a consensus security benchmark for the Apple iPhone, which is intended to show how the security configuration features of the device can be used to reduce the risk of data stored on the device being compromised.
“The benchmark walks you through more than 20 step-by-step recommendations for system settings, Safari settings and iPhone Configuration Utility settings that address critical issues such as reducing the remote attack surface of the phone, securely erasing data and requiring strong passwords,” said Blake Frantz, CTO for the CIS.
The not-for-profit organisation’s benchmark saves security administrators from having to develop their own custom policies and ensures compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
CIS now maintains 43 benchmarks for operating systems, middleware, devices and software applications and distributes them free of charge from its web site. The CIS Security Configuration Benchmark for Apple iPhone provides prescriptive guidance for establishing a secure configuration posture for the iPhone OS version 2.2.1.
