Detections
Analytics

2.5.4 Audit Location Services Access

Information

macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. While Location Services may be very useful, it may not be desirable to allow all applications that can use Location Services to use your location for Internet queries in order to provide tailored content based on your current location.

Ensure applications that can use Location Services are authorized and provide that information where the application interacts with external systems. Apple offers feedback within System Preferences and may be enabled to supply information on the menu bar when Location Services are used.

Safari can deny access from websites or prompt for access.

Applications that support Location Services can be individually controlled in the Privacy tab in Security & Privacy under System Preferences.

Access should be evaluated to ensure that privacy controls are as expected.

Rationale:

Privacy controls should be monitored for appropriate settings.

Impact:

Many macOS features rely on Location Services for tailored information. Users expect their time zone and weather to be relevant to where they are without manual intervention. Find my Mac needs to know where your Mac is actually located. Where possible, the tolerance between location privacy and convenience may be best left to the user when the location itself is not sensitive. If facility locations are not public, location information should be tightly controlled.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following to disable unnecessary applications from accessing Location Services:

Open System Preferences

Select Security & Privacy

Select Privacy

Select Location Services

Set any applications that are not approved for access to Location Service information to disabled

Perform the following to set websites to ask for permission to access Location Services:

Open Safari

Select Safari from the menu bar

Select Preferences

Select Websites

Select Location

Set When visiting other websites to Ask or Deny

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7(2), 800-53|CM-8(3), 800-53|CM-9, 800-53|CM-10, 800-53|CM-11, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|2.6, CSCv7|5.1

Plugin: Unix

Control ID: 528c5ee25456c85437eab8787da0e919af33a3cca44e4920d23ea8d92e7b168d