2.1.1.6 Audit Find My Mac

Information

Find My is Apple's consumer solution for device tracking of your devices. This allows a user to track the location of devices associated with their Apple Account. This is a great solution for consumer or user device management and tracking, but it is not meant to be an enterprise management solution to device tracking and information management on enterprise managed devices. There are multiple enterprise MDM solutions for managing organizational devices.

An enterprise solution should be used for tracking and information management of all devices, including Apple devices. Apple's Find My solution only handles Apple devices. If no enterprise solution is available, Find My provides capabilities for a user to manage and track Apple devices. It is not designed as an enterprise solution, and should not be used as one. It is better to allow the user to track devices that use their Apple Account than to have no tracking at all.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:

Perform the following steps to set Security Keys is set to your organization's requirements:

- Open System Settings
- Select Apple Account
- Select iCloud
- Select Show More Apps..
- Set Find My Mac is set to your organization's requirements

Impact:

There should be no impact on the user while using the device. If someone other than the user has access to tracking information, this can impact the user and needs to be researched. Users should audit to ensure that only authorized people have access to your location. Using multiple solutions for device tracking can add unnecessary complexity.

See Also

https://workbench.cisecurity.org/benchmarks/18636

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|AC-20(1), 800-53|AC-20(2), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 2f1cfa3aaa8b8e3bd1f519e65a4e894c07585dd9d4ea12e5f30755c4ea394590