| DoD sensitive data (CUI/FOUO) or PII data downloaded from DoD web sites via Safari will be saved by default in a non-managed app on a DoD iOS device. If the device is wiped via an MDM Enterprise remote wipe command, data saved in non-managed apps will not be deleted and may be accessible to unauthorized people that have access to the MDM-wiped device. If the device is wiped via a Full Device MDM remote wipe command, all data on the device, including managed and unmanaged, will be deleted, but a Full Device wipe may not be appropriate for devices that have been authorized for personal use and have personal data stored on them or are BYOD devices. The risk in not using a Full Device wipe can be mitigated if a Managed Domain Configuration profile is installed on all managed iOS devices that contains a list of all DoD web domains that may have sensitive DoD data (CUI/FOUO) and PII data (primarily DoD web domains that require DoD PKI authentication credentials to access the web site).
SFR ID: FMT_SMF_EXT.1.1 #9, 19, 28, 45g |