Catalina - Disable Mail App

Information

The macOS built-in Mail.app _MUST_ be disabled.

The Mail.app contains functionality that can establish connections to Apple's iCloud, even when security controls to disable iCloud access have been put in place.

[IMPORTANT]
====
Some organizations allow the use of the built-in Mail.app for organizational communication. Information System Security Officers (ISSOs) may make the risk-based decision not to disable the macOS built-in Mail.app to avoid losing this functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess.new:
familyControlsEnabled:
True
pathBlackList:
/Applications/Mail.app

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-20, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7a., CCE|CCE-84769-9, CCI|CCI-000381, STIG-ID|AOSX-15-002019

Plugin: Unix

Control ID: 025d4249ec5cf895939e26c591148f3d593920cb90e6a333e28cceb9c828092a