Information
Apple provides the capability to manage macOS, iOS and iPadOS using Mobile Device Management (MDM). Profiles are used to configure devices to enforce security controls as well as to configure the devices for authorized access. Many security controls available on Apple devices are only available through profile settings delivered using MDM. Attackers also misuse this capability: rogue profiles have joined unwanted software and fake software updates as ways to induce users to approve the installation of malicious content. Organizations should have Mobile Device Management software in place to harden organizationally managed devices, to take advantage of additional Apple controls, and to make the devices more resistant to attackers enticing users to install unwanted content from rogue MDMs.
Mobile Device Management is the preferred Apple method to manage Apple devices. Some controls can only be enforced through capabilities this technology provides. Users with managed devices should be trained on, and familiar with, the authorized content provided through the organization's MDM.
Solution
Enroll the system in Mobile Device Management software.
Impact:
An MDM is an additional tool that requires technically adept personnel to manage correctly. In theory, proper use of an MDM can make service provisioning simpler, with configuration profiles used to reach authorized services.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: 9583f8f08fa3aff22f7bb7d28f9533d2056ba106e7b896d4ea472d3d8447bdb3