2.15 Audit Touch ID and Wallet & Apple Pay Settings


Apple has integrated Touch ID with macOS and allows fingerprint use for many common operations. All use of Touch ID requires that a password be set, and that password must be entered after every reboot or when more than 48 hours have passed since the device was last unlocked.

Touch ID is a prerequisite for using Apple Pay and Wallet on macOS. Apple Pay allows an Apple account holder to enroll their credit cards in Apple Pay and pay enrolled vendors without using the physical card or number. Apple's service eliminates the requirement to send the credit card number itself to the vendor. Apple Pay on a Mac allows the use of credit cards the user has already enrolled and reduces user risk for credit card purchases.


Touch ID allows a fingerprint enrolled for an account to access a key that uses a previously provided password.

Some environments may have rules around purchases from organizationally managed computers and may want to discourage shopping from them. It is difficult to block access to websites that allow purchases, and Apple Pay has more controls for user protection than the manual entry of credit card information.


Touch ID is more convenient for use with aggressive screen lock controls.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Perform the following to set Touch ID to your organization's settings:
Graphical Method:

Open System Preferences

Select Touch ID

Select the Touch ID settings that match your organization's settings

Open System Preferences

Select Wallet & Apple Pay

Select the Wallet & Apple Pay settings that match your organization's settings

Item Details


References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|IA-5(1), 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|4.4, CSCv7|5.1

Plugin: Unix

Control ID: 0feade0d5d195a28c16c1d8e99cfc79abad9f737232c85bc62e801cb2a84c665