Information
macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. While Location Services may be very useful, it may not be desirable to allow every application that can use Location Services to use your location in Internet queries that return content tailored to your current location.
Ensure that the applications that can use Location Services are authorized to use that information and to provide it where the application interacts with external systems. Apple provides feedback within System Preferences, and macOS may be set to show information on the menu bar when Location Services are used.
Safari can deny access from websites or prompt for access.
Applications that support Location Services can be individually controlled in the Privacy tab in Security & Privacy under System Preferences.
Access should be evaluated to ensure that privacy controls are as expected.
Rationale:
Privacy controls should be monitored for appropriate settings.
Impact:
Many macOS services rely on Location Services for tailored services. Users expect their time zone and weather to be relevant to where they are without manual intervention. Find My Mac does need to know where your Mac actually is. Where possible, the trade-off between location privacy and convenience may be best left to the user when the location itself is not sensitive. If facility locations are not public, location information should be tightly controlled.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Safari Configuration
Perform the following to implement the prescribed state:
1. Open Safari
2. Select Safari from the menu bar
3. Select Websites
4. Select Location
5. "When visiting other websites" should be set to Ask or Deny
Perform the following to review applications in System Preferences:
1. Open System Preferences
2. Select Security & Privacy
3. Select Privacy
4. Select Location Services
5. Uncheck applications that are not approved for access to location service information