7.12 Siri on macOS


With macOS 10.12 Sierra Apple has introduced Siri from iOS to macOS. While there are data spillage concerns with use of software data gathering personal assistants the risk here does not seem greater in sending queries to Apple through Siri than in sending search terms in a browser to Google or Microsoft. While it is possible that Siri will be used for local actions rather than Internet searches which could, in theory, tell Apple about confidential Programs and Projects that should not be revealed this appears be an edge use case.

In cases where sensitive and protected data is processed and Siri could help a user navigate their machine and expose that information it should be disabled. Siri does need to phone home to Apple so it should not be available from air-gapped networks as part of it's requirements.

Most of the use case data published has shown that Siri is a tremendous time saver on iOS where multiple screens and menus need to be navigated through. Information like sports scores, weather, movie times and simple to-do items on existing calendars can be easily found with Siri. None of the standard use cases should be more risky than already approved activity. Where 'normal' user activity is already limited Siri use should be controlled as well.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.



See Also


Item Details


References: 800-53|CM-2, 800-53|CM-6, CSCv7|5

Plugin: Unix

Control ID: f858ddc47cc589cd5859b08ed0ce4caeb793c83499870fc78afd8913fa206f76