2.1.1.2 Audit iCloud Drive

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

iCloud Drive is Apple's storage solution for applications on both macOS and iOS to use the same files that are resident in Apple's cloud storage. The iCloud Drive folder is available much like Dropbox, Microsoft OneDrive, or Google Drive.

One of the concerns in public cloud storage is that proprietary data may be inappropriately stored in an end user's personal repository. Organizations that need specific controls on information should ensure that this service is turned off or the user knows what information must be stored on services that are approved for storage of controlled information.

Rationale:

Organizations should review third party storage solutions pertaining to existing data confidentiality and integrity requirements.

Impact:

Users will not be able to use continuity on macOS to resume the use of newly composed but unsaved files.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following to set iCloud Drive to your organization's requirements:

Open System Settings

Select Apple ID

Select iCloud

Set iCloud Drive to meet your organization's requirements

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.applicationaccess

The key to include is allowCloudDocumentSync

The key should be set <true/>, to allow iCloud Drive, or <false/>, to disable it, based on your organization's requirements

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4159