The macOS system must disable iCloud Keychain synchronization.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-214872 | AOSX-13-000558 | SV-214872r609363_rule | Medium |
| Description |
|---|
| Requiring individuals to be authenticated with an individual authenticator prior to using a group authenticator allows for traceability of actions, as well as adding an additional level of protection of the actions that can be taken with group account knowledge. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155 |
| STIG | Date |
|---|---|
| Apple OS X 10.13 Security Technical Implementation Guide | 2021-11-19 |
Details
| Check Text ( C-16072r397188_chk ) |
|---|
| To view the setting for the iCloud Keychain Synchronization configuration, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowCloudKeychainSync If the output is null or not "allowCloudKeychainSync = 0" this is a finding. |
| Fix Text (F-16070r397189_fix) |
|---|
| This setting is enforced using the "Restrictions" configuration profile. |