2.17.1 Audit Internet Accounts for Authorized Use

Information

Apple provides a section in System Settings to create and display Internet Accounts. Setting up an Internet Account allows the user to configure access to pre-existing accounts that are Internet-accessible. The Internet Accounts section does not manage network access or firewall rules; it only provides a location to manage credentials and audit external accounts for applications that make use of Internet Accounts. Some applications, like Thunderbird and Firefox, do not natively use Internet Accounts and store credentials with the application settings. Disabling the Internet Accounts section does not block access to a service that is network reachable; it just makes auditing and use more difficult. Depending on the maturity of network controls, auditing the providers listed in Internet Accounts is part of managing acceptable use.

Rationale:

Internet-provided services may be restricted in your organization and should be reviewed. Even with an advanced application firewall, the user may not always be using an internal trusted network subject to the organizational firewall. An audit will document which services a user has configured.

Impact:

Reputationally risky services that are not authorized may be identified, and a process will be required to work with the user to no longer connect from a managed Mac.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following steps to set accounts in Internet Accounts to your organization's requirements:

Open System Settings

Select Internet Accounts

For each account, select the account

Verify that each sync option is set to your organization's requirements

(Optional) Select Delete Account... to remove the account

(Optional) Select Add Account... to add an account to the system
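
A scripted counterpart to the graphical review, added here as an example and not part of the benchmark: it lists a user's configured accounts and flags provider types that are not on an approved list. The store path `~/Library/Accounts/Accounts4.sqlite`, the `ZACCOUNT`/`ZACCOUNTTYPE` table and column names, the `com.apple.account.*` identifiers and the allowlist are assumptions to confirm on your macOS release; the sample rows are constructed.

```python
import sqlite3
import sys
import tempfile
from contextlib import closing
from pathlib import Path

# Assumptions: store path and Core Data table/column names; verify per macOS release.
DEFAULT_DB = Path.home() / "Library/Accounts/Accounts4.sqlite"
# Constructed sample policy: account type identifiers the organization permits.
ALLOWED_TYPES = frozenset({"com.apple.account.Exchange"})
QUERY = """
SELECT t.ZIDENTIFIER AS type_id, a.ZUSERNAME AS username,
       a.ZACCOUNTDESCRIPTION AS description
FROM ZACCOUNT a LEFT JOIN ZACCOUNTTYPE t ON a.ZACCOUNTTYPE = t.Z_PK
WHERE a.ZPARENTACCOUNT IS NULL  -- skip per-service child records
ORDER BY a.Z_PK
"""

def list_accounts(db_path):
    """Read top-level accounts from the store, opened read-only (mode=ro)."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    with closing(sqlite3.connect(uri, uri=True)) as conn:
        conn.row_factory = sqlite3.Row
        return [dict(row) for row in conn.execute(QUERY)]

def audit(db_path=DEFAULT_DB, allowed=ALLOWED_TYPES):
    """Return (authorized, unauthorized); unknown or missing types fail closed."""
    authorized, unauthorized = [], []
    for acct in list_accounts(db_path):
        (authorized if acct["type_id"] in allowed else unauthorized).append(acct)
    return authorized, unauthorized

def build_sample_db(path):
    """Write a constructed store using the assumed schema, for offline runs."""
    with closing(sqlite3.connect(path)) as conn, conn:
        conn.executescript("""
            CREATE TABLE ZACCOUNTTYPE (Z_PK INTEGER PRIMARY KEY, ZIDENTIFIER TEXT);
            CREATE TABLE ZACCOUNT (Z_PK INTEGER PRIMARY KEY, ZACCOUNTTYPE INTEGER,
                ZPARENTACCOUNT INTEGER, ZUSERNAME TEXT, ZACCOUNTDESCRIPTION TEXT);
            INSERT INTO ZACCOUNTTYPE VALUES (1, 'com.apple.account.Exchange'),
                                            (2, 'com.apple.account.Google');
            INSERT INTO ZACCOUNT VALUES
                (1, 1, NULL, 'user@corp.example', 'Work'), (2, 2, NULL, 'user@personal.example', 'Personal'),
                (3, 2, 2, 'user@personal.example', 'Personal calendar'), (4, NULL, NULL, 'legacy', 'Unknown type');
        """)
    return path

if __name__ == "__main__":  # pass a store path, or run on the constructed sample
    db = sys.argv[1] if sys.argv[1:] else build_sample_db(Path(tempfile.mkdtemp()) / "s.db")
    for acct in audit(db)[1]:
        print("UNAUTHORIZED:", acct)
```

Applications that keep credentials in their own settings, such as Thunderbird and Firefox, do not appear in this store and need a separate review.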

See Also

https://workbench.cisecurity.org/benchmarks/14562