Security benchmarks for iPhone and multi-function devices

The Center for Internet Security (CIS) announced the public release of its consensus security benchmarks for the Apple iPhone and Multi-Function Devices (MFD).

The new Apple iPhone benchmark introduces consumers and enterprise security specialists alike to the security configuration features of the iPhone and how they can be used to reduce the probability that data stored on the device becomes compromised. The new Multi-Function Devices (MFD) benchmark provides configuration and deployment guidance for securing enterprise-class print, copy, scan and fax machines. The guidance is device-agnostic and focuses on the security-related features common to these platforms.

CIS benchmarks are user-originated, de facto standards for security configuration. The benchmarks are widely accepted and adopted in government, business, industry and academia as the basis for enterprise system and network configuration policies. By using the benchmarks, security professionals save tens of thousands of dollars in developing custom policies and avoid reinventing the wheel. Further, they enable compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.

Securely configuring the iPhone and multi-function devices for the enterprise

With the Apple iPhone now one of the most popular cellular devices, it is becoming increasingly utilized in enterprise environments – and therefore increasingly likely to contain an organization’s confidential information.

The CIS Security Configuration Benchmark for Apple iPhone provides prescriptive guidance for establishing a secure configuration posture for the iPhone OS version 2.2.1 and leveraging the iPhone Configuration Utility (ICU) version 1.1.043.

Similarly, greater intelligence is being built into enterprise and consumer Multi-Function Devices. The CIS Security Benchmark for Multi-Function Devices helps identify and mitigate the security risks that these complex devices introduce to today’s network environment.

Where previously a printer, copier, scanner or a fax machine may have been simple to configure via several toggle switches, it may now contain a fully functional operating system with significant processing power. As a result, these devices have become a target for security intrusions. This risk is amplified by the fact that many devices are never configured beyond an IP address, rarely updated beyond basic asset management practices, and rarely scanned for vulnerabilities or monitored by an Intrusion Detection System.

The CIS Benchmark Roadmap for 2009

CIS now maintains 43 benchmarks for operating systems, middleware, devices and software applications and distributes them free of charge from its web site. Ten new benchmarks are on the roadmap for 2009: in addition to the iPhone and MFD benchmarks, some of the most anticipated releases and updates will include Sybase ASE, IBM AIX, DB2, Windows 7, Internet Explorer 8, and VMware ESX Server.

Both benchmarks are available as free downloads here.
