3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'

Information

This recommendation pertains to the storage and sync of data through iCloud from institutionally owned devices.

Rationale:

Institutionally owned devices are often connected to personal iCloud accounts. This is expected and normal. The data from institutionally owned devices though should not co-mingle with the end-user's personal data. This poses a potential avenue of data leakage.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Restrictions' tab.
4. In the right windowpane, under the tab 'Functionality', 'uncheck' the checkbox for 'Allow iCloud documents & data'.
5. Deploy the Configuration Profile.

Impact:

None.

See Also

https://workbench.cisecurity.org/files/1806

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|14

Plugin: MDM

Control ID: c78540040585f507f24e334961aa8a77c88bf8333803bdf27d72fb52fd5bfdc3