Monterey - Disable Mail App

Information

The macOS built-in Mail.app _MUST_ be disabled.

The Mail.app contains functionality that can establish connections to Apple's iCloud, even when security controls to disable iCloud access have been put in place.

[IMPORTANT]
====
Some organizations allow the use of the built-in Mail.app for organizational communication. Information System Security Officers (ISSOs) may make the risk-based decision not to disable the macOS built-in Mail.app to avoid losing this functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess.new:
familyControlsEnabled:
True
pathBlackList:
/Applications/Mail.app

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-20, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7a., CCE|CCE-90946-5, CCI|CCI-000381

Plugin: Unix

Control ID: de30f67c9430d3b532d130717ce821b20bc8e89ca32afea6c376b58dc5ad98c3