Information
The macOS system's ability to automatically synchronize a user's passwords to their iCloud account _MUST_ be disabled.
Apple's iCloud service does not provide an organization with enough control over the storage and access of data; therefore, password management and synchronization _MUST_ be controlled by an organization-approved service.
Solution
This is implemented by a Configuration Profile.
mobileconfig profile info:

    com.apple.applicationaccess:
        allowCloudKeychainSync: False
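An added example, not part of the original audit item: a Python check that an unsigned .mobileconfig file carries the setting above as a boolean false inside a com.apple.applicationaccess payload. The sample profile, its PayloadIdentifier and the function name check_profile are constructed for illustration; a signed profile would have to be unwrapped before it can be parsed this way.

```python
import plistlib

PAYLOAD_TYPE = "com.apple.applicationaccess"
KEY = "allowCloudKeychainSync"

# Constructed sample profile (identifier is a placeholder, not a real deployment).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>org.example.restrictions</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowCloudKeychainSync</key><false/>
  </dict></array>
</dict></plist>"""


def check_profile(data):
    """Return (compliant, reason) for an unsigned .mobileconfig plist."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # signed (CMS-wrapped) profiles and junk land here
        return False, f"unparseable plist: {exc.__class__.__name__}"
    if not isinstance(profile, dict):
        return False, "top-level object is not a dict"
    content = profile.get("PayloadContent", [])
    if not isinstance(content, list):
        return False, "PayloadContent is not an array"
    # Collect every value of the key from payloads of the expected type.
    values = [p[KEY] for p in content
              if isinstance(p, dict)
              and p.get("PayloadType") == PAYLOAD_TYPE and KEY in p]
    if not values:
        return False, f"{KEY} not set in any {PAYLOAD_TYPE} payload"
    # Only a real boolean false counts; "false" strings or true fail.
    bad = [v for v in values if v is not False]
    if bad:
        return False, f"{KEY} set to {bad[0]!r}, expected boolean false"
    return True, f"{KEY} is false"


if __name__ == "__main__":
    print(check_profile(SAMPLE))
```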
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|AC-20, 800-53|AC-20(1), 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-7(5)(b), 800-53|CM-7a., 800-53|SC-7(10), CCE|CCE-85287-1, CCI|CCI-000381, CCI|CCI-001774, STIG-ID|APPL-11-002040
Control ID: 1cffbe0364e6d648394d516566298fa2b2205ce68f75e59c13a966a60ffca01a