The macOS system must disable iCloud Photo Library.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-214875	AOSX-13-000561	SV-214875r609363_rule		Medium

Description
To support the requirements and principles of least functionality, the operating system must support the organizational requirements, providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved to conduct official business or to address authorized quality-of-life issues. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155

Description

To support the requirements and principles of least functionality, the operating system must support the organizational requirements, providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved to conduct official business or to address authorized quality-of-life issues. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155

STIG	Date
Apple OS X 10.13 Security Technical Implementation Guide	2021-11-19

Details

Check Text ( C-16075r569443_chk )
To check if the system has the correct setting in the configuration profile to disable access to the iCloud preference pane, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType \| /usr/bin/grep -A 5 DisabledPreferencePanes \| grep icloud If the return is not “com.apple.preferences.icloud”, this is a CAT I finding. To view the setting for the iCloud Photo Library configuration, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType \| /usr/bin/grep allowCloudPhotoLibrary If the output is null or not "allowCloudPhotoLibrary = 0" this is a finding.

Check Text ( C-16075r569443_chk )

To check if the system has the correct setting in the configuration profile to disable access to the iCloud preference pane, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -A 5 DisabledPreferencePanes | grep icloud

If the return is not “com.apple.preferences.icloud”, this is a CAT I finding.

To view the setting for the iCloud Photo Library configuration, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowCloudPhotoLibrary

If the output is null or not "allowCloudPhotoLibrary = 0" this is a finding.

Fix Text (F-16073r569444_fix)
This setting is enforced using the "Restrictions" configuration profile.