Check: AOSX-13-000561
Apple OS X 10.13 STIG:
AOSX-13-000561
(in versions v2 r5 through v2 r1)
Title
The macOS system must disable iCloud Photo Library. (Cat II impact)
Discussion
To support the requirements and principles of least functionality, the operating system must support the organizational requirements, providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved to conduct official business or to address authorized quality-of-life issues. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155
Check Content
To check if the system has the correct setting in the configuration profile to disable access to the iCloud preference pane, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -A 5 DisabledPreferencePanes | grep icloud If the return is not “com.apple.preferences.icloud”, this is a CAT I finding. To view the setting for the iCloud Photo Library configuration, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowCloudPhotoLibrary If the output is null or not "allowCloudPhotoLibrary = 0" this is a finding.
Fix Text
This setting is enforced using the "Restrictions" configuration profile.
Additional Identifiers
Rule ID: SV-214875r609363_rule
Vulnerability ID: V-214875
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
CCI-001774 |
The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system. |