2.6.1.2 Audit iCloud Keychain

Information

The iCloud keychain is Apple's password manager for macOS and iOS. It allows users to store passwords on either platform for use in Safari on both, and in other iOS-integrated applications. Most of its use is driven by iOS rather than macOS. Passwords stored in a macOS keychain on an enterprise-managed computer could be synced to Apple's cloud and then become available on a personal computer signed in to the same account. The stored passwords could belong to organizational as well as personal accounts.

If passwords are no longer used as organizational tokens, they are not in scope for iCloud keychain storage.

Rationale:

Ensure that the iCloud keychain is used consistently with organizational requirements.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following to set iCloud keychain sync based on your organization's requirements:

Graphical Method:

Open System Preferences

Select iCloud

Uncheck (or check) Keychain to meet your organization's requirements

Profile Method:

Create or edit a configuration profile with the PayloadType of com.apple.applicationaccess

Add the key allowCloudKeychainSync

Set the key to your organization's requirements

Note: iCloud Keychain and iCloud Drive must be set in a single configuration profile.

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|AC-20(1), 800-53|AC-20(2), 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2

Plugin: Unix

Control ID: 1ada34529737be965cad7b354fdf47b379998a5259518857c396ea23f9083fe8