6.4 Use parental controls for systems that are not centrally managed

Information

Many aspects and features of macOS can be restricted on a user-by-user basis via the Parental Controls feature. This includes computer usage time limits, application accessibility limitations, and website restrictions. Although this feature is called Parental Controls, these restrictions may be appropriate for corporate, government, or educational use.

Rationale:

Limiting usage and restricting features for managed users reduces the risk of the user and/or system being exposed to malicious and/or inappropriate content.

Impact:

The extensive use of parental controls adds to the configuration management burden and can limit legitimate user activity.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following to enable parental controls:

Open System Preferences

Select Users & Groups

Select the managed user

Set Enable parental controls

Select Open Parental Controls

Set the required restricted items

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Unix

Control ID: 9280dfba9b046d46120edb74526de747b9c200146da6dca2ba153a5d54a02404