Detections
Analytics

2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled

Information

The Wi-Fi status in the menu bar indicates if the system's wireless internet capabilities are enabled. If so, the system will scan for available wireless networks in order to connect. At the time of this revision, all computers Apple builds have wireless network capability, which has not always been the case. This control only pertains to systems that have a wireless NIC available. Operating systems running in a virtual environment may not score as expected, either.

Rationale:

Enabling 'Show Wi-Fi status in menu bar' is a security awareness method that helps mitigate public area wireless exploits by making the user aware of their wireless connectivity status.

Impact:

The user of the system should have a quick check on their wireless network status available.

Solution

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.controlcenter

The key to include is WiFi

The key must be set to <integer>18</integer>

Additional Information:

AirPort is Apple's marketing name for its 802.11x based wireless network interfaces.

Option-click the Wi-Fi icon in the menu bar to find out more information about the connected wireless network.

To verify individual users:

Audit:

Graphical Method:

Perform the following steps to verify that the Wi-Fi status shows in the menu bar:

Open System Preferences

Select Dock & Menu Bar

Select Wi-Fi

Verify that Show in Menu Bar is enabled

or

Open System Preferences

Select Profiles

Verify that an installed profile has WiFi set to 18

Terminal Method:

For each user, run the following command to verify that Wi-Fi status is enabled in the menu bar:

$ /usr/bin/sudo -u <username> defaults -currentHost read com.apple.controlcenter.plist WiFi

18

Note: If the settings has not been changed from the default, then this audit will fail on the command line. Follow the remediation instructions to verify that it is set to a disabled status.

example:

$ /usr/bin/sudo -u firstuser defaults -currentHost read com.apple.controlcenter.plist WiFi

18

Remediation:

Graphical Method:

Perform the following steps to enable Wi-Fi status in the menu bar:

Open System Preferences

Select Dock & Menu Bar

Select Wi-Fi

Set Show in Menu Bar to enabled

Terminal Method:

For each user, run the following command to enable Wi-Fi status in the menu bar:

$ /usr/bin/sudo -u <username> defaults -currentHost write com.apple.controlcenter.plist WiFi -int 18

example:

$ /usr/bin/sudo -u firstuser defaults -currentHost write com.apple.controlcenter.plist WiFi -int 18

See Also

https://workbench.cisecurity.org/benchmarks/14564

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-18, 800-53|CM-6, 800-53|CM-7, 800-53|SC-23, CSCv7|15.4, CSCv7|15.5

Plugin: Unix

Control ID: 6acb4baacaeaf0c17926d48b5de73060efe57de12e6ef5aa987836181f89684e