2.6.4 iCloud Drive Document and Desktop sync - Desktop

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

With macOS 10.12 Apple introduced the capability to have a user's Desktop and Documents folders automatically synchronize to the user's iCloud Drive, providing they have enough room purchased through Apple on their iCloud drive. This capability mirrors what Microsoft is doing with the use of OneDrive and Office 365. There are concerns with using this capability.

The storage space that Apple provides for free is used by users with iCloud mail, all of a user's Photo Library created with the ever larger Multi-Pixel iPhone cameras and all of the iOS Backups. Adding a synchronization capability for users who have files going back a decade or more and storage may be tight without much larger Apple charges than the free 5GB. Users with multiple computers running 10.12 and above with unique content on each will have issues as well.

Enterprise users may not be allowed to store Enterprise information in a third party public cloud. In previous implementations iCloud Drive or even DropBox the user selected what files were synchronized even if there were no other controls. The new feature synchronizes all files in a folder widely used to put working files.

The automatic synchronization of all files in a user's Desktop and Documents folders should be disabled.

https://derflounder.wordpress.com/2016/09/23/icloud-desktop-and-documents-in-macos-sierra-the-good-the-bad-and-the-ugly/

Rationale:

Automated Document synchronization should be planned and controlled to approved storage.

Impact:

Users will not be able to use iCloud for the automatic sync of the Desktop and Documents folders.

Solution

Perform the following to disable iCloud Desktop and Document syncing:
Graphical Method:

Open System Preferences

Select Apple ID

Select iCloud

Select iCloud Drive

Select Options next to iCloud Drive

Uncheck Desktop & Documents Folders

See Also

https://workbench.cisecurity.org/files/3195

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv7|13.4

Plugin: Unix

Control ID: b68a9ac7c127a3dc074170a706ae6d7cdbe9c1696f4642b099b31bef51a07811