UCF STIG Viewer Logo

Users must not have Apple IDs signed into iCloud.


Overview

Finding ID Version Rule ID IA Controls Severity
V-67721 AOSX-11-001130 SV-82211r1_rule Medium
Description
Users should not sign into iCloud, as this leads to the possibility that sensitive data could be saved to iCloud storage or that users could inadvertently introduce viruses or malware previously saved to iCloud from other systems.
STIG Date
Apple OS X 10.11 Security Technical Implementation Guide 2018-01-04

Details

Check Text ( C-68287r1_chk )
To see if any user account has configured an Apple ID for iCloud usage, run the following command:

/usr/bin/sudo find /Users/ -name 'MobileMeAccounts.plist' -exec /usr/bin/defaults read '{}' \;

If the results show any accounts listed, this is a finding.
Fix Text (F-73835r1_fix)
This must be manually resolved.

With the affected user logged in, open System Preferences >> iCloud.

Choose "Sign Out".