Information
The use of dictation is likely to include editing documents with confidential information. While Apple does have controls to obfuscate voice data that exists on their servers it is recommended that Dictation collected information does not leave the local Mac.
Sending data from dictation to the Siri servers could allow data spillage to occur. From a control perspective it is much safer to ensure information of various levels of confidential is retained locally.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to ensure the firewall is enabled:
- Open System Settings
- Select Keyboard
- Set Dictation to your organization's requirements
Impact:
Keeping all dictation on-device does not allow the system to better understand and learn, through machine learning, from the user.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: f130f47bcae1391ab67170dac17c7bb4e5dd99fe1e30379d132dcb4cd56ba957