2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'

Information

This recommendation pertains to whether Safari, as well as Mobile Device Management (MDM) deployed browsers, will consider certain URL patterns for managed application spaces only.

Rationale:

Sensitive files available from a website may be downloaded into the unmanaged application spaces by default. By configuring specific domains that Safari should consider managed, an institution may support the secure containerization of their data.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Domains tab.

In the right window pane, under Managed Safari Web Domains enter the appropriate URL pattern(s).

Deploy the Configuration Profile.

Additional Information:

For improved effectiveness, this recommendation should be paired with the blacklisting of web browsers not deployed through the MDM.

See Also

https://workbench.cisecurity.org/benchmarks/6168