2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured'

Information

This recommendation pertains to whether Safari, and MDM-deployed browsers, will treat certain URL patterns as belonging to managed app spaces only.

Rationale:

Sensitive files available from a website may be downloaded into the unmanaged app spaces by default. By configuring the specific domains that Safari should consider managed, an institution may support the secure containerization of their data.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Domains tab.

In the right windowpane, under Managed Safari Web Domains enter the appropriate URL pattern(s).

Deploy the Configuration Profile.
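
One way to confirm the setting in an exported profile, as an added example that is not part of the benchmark: it parses an unsigned .mobileconfig and returns the URL patterns in the Domains payload (PayloadType com.apple.domains, key WebDomains). The sample profile, the example.com patterns and the function names are constructed for illustration.

```python
import plistlib

# Constructed sample profile; example.com patterns are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.domains</string>
      <key>WebDomains</key>
      <array>
        <string>intranet.example.com</string>
        <string>*.docs.example.com</string>
      </array>
    </dict>
  </array>
</dict>
</plist>"""


def managed_web_domains(profile_bytes):
    """Return every non-empty WebDomains pattern from com.apple.domains payloads."""
    profile = plistlib.loads(profile_bytes)  # assumes an unsigned (plain plist) profile
    patterns = []
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != "com.apple.domains":
            continue
        for entry in payload.get("WebDomains", []):
            # Ignore blank strings so an empty field does not count as configured.
            if isinstance(entry, str) and entry.strip():
                patterns.append(entry.strip())
    return patterns


def is_configured(profile_bytes):
    """True when at least one Managed Safari Web Domain pattern is present."""
    return bool(managed_web_domains(profile_bytes))


if __name__ == "__main__":
    print(is_configured(SAMPLE_PROFILE), managed_web_domains(SAMPLE_PROFILE))
```

A profile whose Domains payload is missing, or whose WebDomains array is empty or blank, is reported as not configured.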

Additional Information:

For improved effectiveness, this recommendation should be paired with the blacklisting of web browsers not deployed through the MDM.

See Also

https://workbench.cisecurity.org/files/3064