Information
macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. While Location Services may be very useful, it may not be desirable to allow all applications that can use Location Services to use your location for Internet queries to provide tailored content based on your current location.
Ensure that the applications that can use Location Services are authorized to use that information and provide that information where the application interacts with external systems. Apple provides feedback within System Preferences and may be enabled to provide information on the menu bar when Location Services are used.
Safari can deny access from websites or prompt for access.
Applications that support Location Services can be individually controlled in the Privacy tab in Security & Privacy under System Preferences.
Access should be evaluated to ensure that privacy controls are as expected.
Rationale:
Privacy controls should be monitored for appropriate settings.
Impact:
Many macOS services rely on Location Services for tailored services. Users expect their time zone and weather to be relevant to where they are without manual intervention. Find my Mac does need to know where your Mac actually is. Where possible the tolerance between location privacy and convenience may be best left to the user when the location itself is not sensitive. If facility locations are not public location information should be tightly controlled.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Perform the following to disable unnecessary applications from accessing Location Services:
Open System Preferences
Select Security & Privacy
Select Privacy
Select Location Services
Uncheck applications that are not approved for access to Location Service information
Perform the following to set websites to ask for permission to access Location Services:
Open Safari
Select Safari from the menu bar
Select Preferences
Select Websites
Select Location
Set When visiting other websites to Ask or Deny
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7(2), 800-53|CM-8(3), 800-53|CM-9, 800-53|CM-10, 800-53|CM-11, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|2.6, CSCv7|5.1
Control ID: ec17c88cc03a258c4a2f41a1b21c76b78f8f01a7604e275436e6240902dca057