2.6.7 Audit Lockdown Mode

Information

Apple introduced Lockdown Mode as a security feature in their 2022 OS releases that provides additional security protection Apple describes as

extreme

. Users and organizations that suspect some users are targets of advanced attacks must consider using this control.

When lockdown mode is enabled, specific trusted websites can be excluded from Lockdown protection if necessary.

Lockdown Mode was designed by Apple as an aggressive approach to commonly attacked OS features where additional controls could reduce the attack surface. IT systems and devices, including their users, are subject to continuous exploit attempts. Most of that activity is not from an advanced attacker and can be considered background noise to a patched, hardened device. Advanced attackers are of more concern and a risk review to understand organizational targets and use Lockdown Mode where appropriate is necessary.

Solution

Graphical Method:

Perform the following steps to set Lockdown Mode to your organization's requirements:

- Open System Settings
- Select Privacy & Security
- Set Lockdown Mode to your organization's parameters

Impact:

Lockdown Mode must be tested appropriately for real-world impact on users prior to use. As a new feature there is not sufficient technical reporting on user impacts.

See Also

https://workbench.cisecurity.org/benchmarks/18636

Item Details

Category: CONFIGURATION MANAGEMENT, MAINTENANCE

References: 800-53|CM-7, 800-53|MA-4, CSCv7|16.2

Plugin: Unix

Control ID: cee1685546492522e591ed4e5e03da9d560b68988864e8c6d98edea6ad33a56c