2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'

Information

This recommendation pertains to whether Safari, and MDM deployed browsers, will consider certain URL patterns as for managed app spaces only.

Rationale:

Sensitive files available from a website may be downloaded into the unmanaged app spaces by default. By configuring the specific domains that Safari should consider managed, an institution may support the secure containerization of their data.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:
1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Domains' tab.
4. In the right windowpane, under 'Managed Safari Web Domains' enter the appropriate URL pattern(s).
5. Deploy the Configuration Profile.

Impact:

None.

See Also

https://workbench.cisecurity.org/files/1806