3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled'

Information

This recommendation pertains to managed apps storing and syncing data through iCloud.

Rationale:

This recommendation addresses data leakage. It prevents a user from installing the app that is managed by the organization on a personal device and having iCloud sync the managed app data to the personal, non-managed app.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the 'Restrictions' tab.
4. In the right windowpane, under the tab 'Functionality', 'uncheck' the checkbox for 'Allow managed apps to store data in iCloud'.
5. Deploy the Configuration Profile.

Impact:

Data created on the device may be lost if the end user has not transferred it to another device.

See Also

https://workbench.cisecurity.org/files/1806

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|14

Plugin: MDM

Control ID: 10d4adec871f695928a178e725f58aa2c1edde2ad271dd60c84fc0586dd0f123