Information
iCloud Drive is Apple's storage solution for applications on both macOS and iOS to use the same files that are resident in Apple's cloud storage. The iCloud Drive folder is available much like Dropbox, Microsoft OneDrive or Google Drive.
One of the concerns in public cloud storage is that proprietary data may be inappropriately stored in an end user's personal repository. Organizations that need specific controls on information should ensure that this service is turned off or the user knows what information must be stored on services that are approved for storage of controlled information.
Rationale:
Organizations should review third party storage solutions pertaining to existing data confidentiality and integrity requirements.
Impact:
Users will not be able to use Continuity on macOS to resume the use of newly composed but unsaved files.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Perform the following to set iCloud Drive to your organization's requirements:
Graphical Method:
Open System Preferences
Select Apple ID
Select iCloud
Uncheck iCloud Drive if cloud storage is not allowed for your organization
Profile Method:
Create or edit a configuration profile with the PayloadType of com.apple.applicationaccess
Add the key allowCloudDocumentSync
Set the key to <true/> or <false/> based on your organization's requirements
Note: iCloud Keychain and iCloud Drive must be set in a single configuration profile.
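The following check of a profile against the Profile Method is an added example, not part of the benchmark or of Nessus. The sample profile, its com.example identifiers and the function names are constructed for illustration. It reads an unsigned configuration profile and reports whether allowCloudDocumentSync is present as a real boolean with the required value.

```python
import plistlib

# Constructed sample profile; the com.example identifiers are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.restrictions</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>com.example.restrictions.icloud</string>
      <key>allowCloudDocumentSync</key><false/>
    </dict>
  </array>
</dict>
</plist>"""

PAYLOAD_TYPE = "com.apple.applicationaccess"
KEY = "allowCloudDocumentSync"


def icloud_drive_values(profile_bytes):
    """Collect every allowCloudDocumentSync value set in restriction payloads."""
    profile = plistlib.loads(profile_bytes)
    return [
        payload[KEY]
        for payload in profile.get("PayloadContent", [])
        if payload.get("PayloadType") == PAYLOAD_TYPE and KEY in payload
    ]


def audit_profile(profile_bytes, drive_allowed):
    """Compare the profile with the organization's requirement (True or False)."""
    values = icloud_drive_values(profile_bytes)
    if not values:
        return f"FAIL: {KEY} is not set in any {PAYLOAD_TYPE} payload"
    # A <string>false</string> value is not a boolean and is treated as a finding.
    if any(type(v) is not bool for v in values):
        return f"FAIL: {KEY} must be <true/> or <false/>, found {values!r}"
    if len(set(values)) > 1:
        return f"FAIL: conflicting {KEY} values {values!r}"
    if values[0] != drive_allowed:
        return f"FAIL: {KEY} is {values[0]}, requirement is {drive_allowed}"
    return f"PASS: {KEY} is {values[0]}"


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE, drive_allowed=False))
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped to its plist content before this check can parse it.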
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|AC-20(1), 800-53|AC-20(2), 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: 49b0e7846211cc1e3b0e4edfa4a81b38e77a843b2bac9e6ffd93d967c6c45fbc