3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'

Information

This recommendation pertains to the storage and sync of data through iCloud from institutionally owned devices.

Rationale:

Institutionally owned devices are often connected to personal iCloud accounts. This is expected and normal. The data from institutionally owned devices though should not co-mingle with the end-user's personal data. This poses a potential avenue of data leakage.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Restrictions tab.

In the right windowpane, under the tab Functionality, uncheck the checkbox for Allow iCloud documents & data.

Deploy the Configuration Profile.

See Also

https://workbench.cisecurity.org/files/3064