The Defence Signals Directorate has released hardening guidelines for Apple iOS 4 devices as part of its assessment of the operating system.
The DSD has not yet authorised iOS devices for agencies classified as Restricted/Protected and expects to complete its full evaluation by September this year.
It has recommened or mandated, according to classification levels, that agencies adopting an iPhone or iPad use cryptography, application whitelists, prevent synchronisation to iTunes and dump the MobileMe application.
Only unclassified agency staff can speak over GSM or use SMS and MMS. VoIP is also out because solutions have not yet been approved by US communications agency Sectera.
External email must also be blocked from hitting the inboxes of iOS devices unless it complies with security policies.
Protected and restricted agencies should use Mobile Device Management (MDM), use a dedicated mail container, Virtual Desktop Infrastructure, or two-factor authentication with Exchange ActiveSync, the document stated.
Passwords must be complex, more than eight characters and set for all devices to expire no later than three months. Devices should autolock after five minutes and autowipe after five incorrect password attempts.
The agency also recommended per user RADIUS or 802.1x with a device identity certificate and username and password over WPA2.
Cisco's IPsec was the only VPN to be recommended at the time the document was issued.