2.6.2.1 Audit Full Disk Access for Applications

Information

Starting with macOS 10.13, Apple enforces GUI access to the entire File System through System Preferences. Only Applications from known developers with mission requirements for Full Disk Access, such as security monitoring tools, should have Full Disk Access. Applications that have Full Disk Access can access restricted files and bypass macOS security controls. Any applications with that access should be organizationally authorized.

Any applications with Full Disk Access can bypass MacOS security controls and must be reviewed as organizationally accepted risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Graphical Method:

Perform the following steps to set full disk access for applications that meet your organization's requirements:

- Open System Settings
- Select Privacy & Security
- Select Full Disk Access
- Set any listed applications to your organization's requirements
- (Optional) Select the + to add applications to the list, or - to remove them

See Also

https://workbench.cisecurity.org/benchmarks/18636

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 00fde6d4d51f37f59740049ef0d9d26bda3ca4551bfb9a0c7d4a86c70e72043a