Details
The macOS built-in Calendar.app _MUST_ be disabled as this application can establish a connection to non-approved services. This rule is in place to prevent inadvertent data transfers.
[IMPORTANT]
====
Some organizations allow the use of the built-in Calendar.app for organizational communication. Information System Security Officers (ISSOs) may make the risk-based decision not to disable the macOS built-in Mail.app to avoid losing this functionality, but they are advised to first fully weigh the potential risks posed to their organization.
====
Solution
This is implemented by a Configuration Profile.
mobileconfig profile info:
com.apple.applicationaccess.new:
familyControlsEnabled:
True
pathBlackList:
/Applications/Calendar.app
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Configuration Management.This control applies to the following type of system Unix.
References
- 800-53|AC-20
- 800-53|CM-7
- 800-53|CM-7(1)
- 800-53|CM-7a.
- CCE|CCE-85300-2, CCI|CCI-000381
- STIG-ID|APPL-11-002023