2.5.7 Monitor Location Services Access

Information

macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. While location services can be very useful, it may not be desirable to allow every application that can use location services to send your current location in Internet queries in order to provide tailored content.

Ensure that the applications that can use Location Services are authorized to use that information and to provide it where the application interacts with external systems. Apple provides feedback within System Preferences, and an indicator can be enabled on the menu bar to show when Location Services are used.

Safari can deny access from websites or prompt for access.

Applications that support Location Services can be individually controlled in the Privacy tab in Security & Privacy under System Preferences.

Access should be evaluated to ensure that privacy controls are as expected.

Rationale:

Privacy controls should be monitored for appropriate settings.

Impact:

Many macOS services rely on location services for tailored services. Users expect their time zone and weather to be relevant to where they are without manual intervention. Find My Mac does need to know where your Mac actually is. Where possible, the balance between location privacy and convenience may be best left to the user when the location itself is not sensitive. If facility locations are not public, location information should be tightly controlled.

Solution

Perform the following to disable unnecessary applications from accessing location services:

Open System Preferences

Select Security & Privacy

Select Privacy

Select Location Services

Uncheck applications that are not approved for access to location service information

Perform the following to set websites to ask for permission to access location services:

Open Safari

Select Safari from the menu bar

Select Websites

Select Location

Set "When visiting other websites" to Ask or Deny
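The review of approved applications in the first procedure can also be scripted. The following is an added example, not part of the benchmark text: it assumes the Location Services client list is stored in /var/db/locationd/clients.plist as one dictionary per client with "BundleId" and "Authorized" keys (the layout varies between macOS releases), and the bundle identifiers and allowlist are constructed.

```python
import plistlib

# Constructed sample in the layout assumed for /var/db/locationd/clients.plist
# (one dict per client with "BundleId" and "Authorized"); not from a real host.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.example.maps</key>
  <dict><key>BundleId</key><string>com.example.maps</string>
        <key>Authorized</key><true/></dict>
  <key>com.example.adtracker</key>
  <dict><key>BundleId</key><string>com.example.adtracker</string>
        <key>Authorized</key><true/></dict>
  <key>com.example.notes</key>
  <dict><key>BundleId</key><string>com.example.notes</string>
        <key>Authorized</key><false/></dict>
  <key>com.example.helper</key>
  <dict><key>Authorized</key><true/></dict>
  <key>com.example.pending</key>
  <dict><key>BundleId</key><string>com.example.pending</string></dict>
</dict>
</plist>
"""

# Hypothetical organisational allowlist of apps approved for location access.
APPROVED = {"com.example.maps"}


def authorized_clients(plist_bytes):
    """Return sorted identifiers of clients whose Authorized flag is true."""
    clients = plistlib.loads(plist_bytes)  # handles XML and binary plists
    found = set()
    for key, entry in clients.items():
        # Entries without an explicit true flag are treated as not authorized.
        if isinstance(entry, dict) and entry.get("Authorized") is True:
            found.add(entry.get("BundleId", key))  # fall back to the dict key
    return sorted(found)


def unapproved_clients(plist_bytes, approved):
    """Return authorized clients missing from the approved allowlist."""
    return [c for c in authorized_clients(plist_bytes) if c not in approved]


if __name__ == "__main__":
    # On a Mac, pass the bytes of the real file (root required) instead.
    for client in unapproved_clients(SAMPLE, APPROVED):
        print("not approved for Location Services:", client)
```

Any identifier the script reports is a candidate for unchecking under Location Services in the Privacy tab.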

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-8(8)

Plugin: Unix

Control ID: 5fc1a5f744def3e7c3ad81cb2586ea08080d220649b2604d526acf1b2f591b3e