2.7.5 iCloud Drive Desktop sync

Information

With macOS 10.12 Apple introduced the capability to have a user's Desktop folder automatically synchronize to the user's iCloud Drive, providing they have enough room purchased through Apple on their iCloud drive. This capability mirrors what Microsoft is doing with the use of OneDrive and Office 365. There are concerns with using this capability.

The storage space that Apple provides for free is used by users with iCloud mail, all of a user's Photo Library created with the ever larger Multi-Pixel iPhone cameras and all of the iOS Backups. Adding a synchronization capability for users who have files going back a decade or more and storage may be tight without much larger Apple charges than the free 5GB. Users with multiple computers running 10.12 and above with unique content on each will have issues as well.

Enterprise Users may not be allowed to store Enterprise information in a third party public cloud. In previous implementations iCloud Drive or even DropBox the user selected what files were synchronized even if there were no other controls. The new features synchronize all files in a folder widely used to put working files.

The automatic synchronization of all files in a user's Desktop folder should be disabled

https://derflounder.wordpress.com/2016/09/23/icloud-desktop-and-documents-in-macos-sierra-the-good-the-bad-and-the-ugly/

Rationale:

Automated Desktop synchronization should be planned and controlled to approved storage.

Impact:

Users will not be able to use iCloud for automatic Desktop sync.

Solution

Perform the following to implement the prescribed state:

Open System Preferences

Select iCloud

Select iCloud Drive

Select Options next to iCloud Drive

Uncheck Desktop & Documents Folders

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 8daf8fb4a2dec3e6a466d3243c250bd9f61c3e6601b0db8cdc5eabffc7612d49