2.18.1 Audit Dictation

Information

The use of dictation is likely to include editing documents with confidential information. While Apple does have controls to obfuscate voice data that exists on their servers it is recommended that Dictation collected information does not leave the local Mac.

Sending data from dictation to the Siri servers could allow data spillage to occur. From a control perspective it is much safer to ensure information of various levels of confidential is retained locally.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:

Perform the following steps to ensure the firewall is enabled:

- Open System Settings
- Select Keyboard
- Set Dictation to your organization's requirements

Impact:

Keeping all dictation on-device does not allow the system to better understand and learn, through machine learning, from the user.

See Also

https://workbench.cisecurity.org/benchmarks/15551

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: f130f47bcae1391ab67170dac17c7bb4e5dd99fe1e30379d132dcb4cd56ba957