2.6.6 Enable Location Services

Information

macOS uses location information gathered through local Wi-Fi networks to enable applications to supply relevant information to users. Users do not need to change the time or the time zone; the computer will do it for them. They do not need to specify their location for weather or travel times, and they can even get alerts on travel times to meetings and appointments where location information is supplied.

For asset management, and for time and log management on mobile computers, Location Services simplifies some processes.

There are some use cases where it is important that the computer not be able to report its exact location. While the general use case is to enable Location Services, it should not be allowed if the physical location of the computer and the user should not be public knowledge.

NOTE: This check requires privilege escalation using sudo in order to execute successfully. Ensure that you allow privilege escalation in the credentials section for this scan.

Solution

Perform the following to ensure the system is configured as prescribed:
1. In Terminal, run the following command:
sudo launchctl load /System/Library/LaunchDaemons/com.apple.locationd.plist
2. There should be no response.

In some use cases, organizations may not want Location Services running. In those cases, "unload" rather than "load" is the appropriate command.

Perform the following to ensure the system is configured as prescribed:
1. In Terminal, run the following command:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.locationd.plist
2. Verify that the results include: Could not find specified service.

See Also

https://workbench.cisecurity.org/files/300

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-8(8)

Plugin: Unix

Control ID: 34a3701975a14247b952a9fe8dcc830bffc204618d8a0cd47c80d9f1ae40a0da