2.5.3 Ensure Location Services Is Enabled

Information

macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. With the operating system verifying the location, users do not need to change the time or the time zone. The computer will change them based on the user's location. They do not need to specify their location for weather or travel times, and they will receive alerts on travel times to meetings and appointments where location information is supplied.

Location Services simplify some processes with mobile computers, such as asset management and time or log management.

There are some use cases where it is important that the computer not be able to report its exact location. While the general use case is to enable Location Services, it should not be allowed if the physical location of the computer and the user should not be public knowledge.

Rationale:

Location Services are helpful in most use cases and can simplify log and time management where computers change time zones.

Solution

Graphical Method:
Perform the following steps to enable Location Services:

Open System Preferences

Select Security & Privacy

Select Privacy

Set Enable Location Services to enabled

Terminal Method:
Run the following command to enable Location Services:

$ /usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.locationd.plist

If the com.apple.locationd.plist outputs 0, run the following command to also ensure Location Services is running:

$ /usr/bin/sudo /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -bool false

$ /usr/bin/sudo /bin/launchctl kickstart -k system/com.apple.locationd

Note: In some use cases, organizations may not want Location Services running. To disable Location Services, System Integrity Protection must be disabled.

See Also

https://workbench.cisecurity.org/benchmarks/14563

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 2149ca737c1f36f69a1c964d8412036b4174bf42c015b256d347e9d27fb01c18