Details
The macOS system’s ability to automatically synchronize a user’s desktop and documents folder to their iCloud Drive _MUST_ be disabled.
Apple’s iCloud service does not provide an organization with enough control over the storage and access of data and, therefore, automated file synchronization _MUST_ be controlled by an organization approved service.
Solution
This is implemented by a Configuration Profile.
mobileconfig profile info:
com.apple.applicationaccess:
allowCloudDesktopAndDocuments:
False
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Configuration Management, System and Communications Protection.This control applies to the following type of system Unix.