3.2.1.6 Ensure 'Allow iCloud Keychain' is set to 'Disabled'

Information

This recommendation pertains to iCloud performing Keychain synchronization.

Rationale:

It is normal and expected for end-users to enter their personal iCloud credentials onto institutionally owned devices. Because of this, iCloud Keychain presents an unnecessary risk to credentials because they may be shared onto Jailbroken or otherwise compromised devices.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Restrictions' tab.
4. In the right windowpane, under the tab 'Functionality', 'uncheck' the checkbox for 'Allow iCloud Keychain'.
5. Deploy the Configuration Profile.

Impact:

None.

See Also

https://workbench.cisecurity.org/files/1688

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|14

Plugin: MDM

Control ID: 0bc7e8f603b149cc3e69747c4bd678e91c52219391c62e29b4a150e446f1d8a1