| 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. |
2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify that "Grace period" is checked and the sum of the "Auto-Lock" and "Grace period" values is 15 minutes or less. Acceptable combinations include a 15-minute "Auto-Lock" and an "Immediate" (or null) "Grace period", or a 5-minute "Auto-Lock" and a 5-minute "Grace period". On some MDM systems, the "Grace period" may be called "Passcode Lock" or a similar label.
If the required rule is not set up on the MDM server, this is a finding.
Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.