2.1.1.6 Audit Find My Mac

Information

Find My is Apple's consumer solution for device tracking of your devices. This allows a user to track the location of devices associated with their Apple ID. This is a great solution for consumer or user device management and tracking, but it is not meant to be an enterprise management solution to device tracking and information management on enterprise managed devices. There are multiple enterprise MDM solutions for managing organizational devices.

An enterprise solution should be used for tracking and information management of all devices including Apple devices, Apple's Find My solution only handles Apple devices. If no enterprise solution is available, Find My provides capabilities for a user to manage and track Apple devices. It is not designed as an enterprise solution, and should not be used as one. It is better to allow the user to track devices that use their Apple ID then to have no tracking at all.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:

Perform the following steps to set Security Keys is set to your organization's requirements:

- Open System Settings
- Select Apple ID
- Select iCloud
- Select Show More Apps..
- Set Find My Mac is set to your organization's requirements

Impact:

There should be no impact on the user while using the device. If someone other than the user has access to tracking information, this can impact the user and needs to be researched. Users should audit to ensure that only authorized people should have access to your location. Using multiple solutions for device tracking can unnecessary complexity.

See Also

https://workbench.cisecurity.org/benchmarks/15551

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|AC-20(1), 800-53|AC-20(2), 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 81ef669b1215ef8216203fe2f879e279309cc5eac8584d1e2ea968a9f3684e96