2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled

Information

Apple provides a mechanism to send diagnostic and analytics data back to Apple to help them improve the platform. Information sent to Apple may contain internal organizational information that should be controlled and not available for processing by Apple. Turn off all Analytics and Improvements sharing.

Share Mac Analytics (Share with App Developers dependent on Mac Analytic sharing)

Includes diagnostics, usage and location data

Share iCloud Analytics

Includes iCloud data and usage information

Rationale:

Organizations should have knowledge of what is shared with the vendor and that this setting automatically forwards information to Apple.

Solution

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.applicationaccess

The key to include is allowDiagnosticSubmission

The key must be set to <false/>

There must also be a second PayloadType string of com.apple.SubmitDiagInfo

The key to include is AutoSubmit

The key must be set to <false/>

There must also be a third PayloadType string of com.apple.assistant.support

The key to also include is Siri Data Sharing Opt-In Status

The key must be set to <integer>2<integer/>

See Also

https://workbench.cisecurity.org/benchmarks/14563