Based upon both market trends and device usage on campus, the ISO has opted to provide recommendations for encrypting Apple, Blackberry, and Android based handheld devices.
Supported devices include the iPhone 3GS, iPhone 4, iPad, and iPod Touch (3rd generation or later) only, running iOS 4.x. Earlier versions of the hardware and operating system software do not support key security features, such as hardware encryption.
The only approved encryption method for iOS devices at this time is the built-in whole disk encryption that is provided with iOS 4 running on a supported device, with data protection enabled. Data protection allows the hardware encryption keys to be protected with the user's passcode. Without this, the encryption could be defeated with a simple jailbreak. If the device originally shipped with iOS 3 (e.g. the iPhone 3GS, iPad, and iPod Touch), data protection will not be enabled until the device is restored after upgrading to iOS 4. Older devices, such as the iPhone 3G, do not support data protection and as such, there is no approved encryption method for them.
To verify that data protection is enabled:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. "Data protection is enabled" should be displayed at the bottom of the screen.
If data protection is not enabled, enable it by setting a passcode on the device:
1. Tap Settings.
2. Tap General.
3. Tap Passcode Lock.
4. Tap in a passcode.
5. Tap in the same passcode.
More information regarding this feature is available on Apple's site at iOS 4: Understanding data protection.
It is strongly advised that, in addition to data protection, all iOS users read the Apple iOS Hardening Checklist and follow all of the recommendations therein.