Details

Enterprise networks may be required to audit all network traffic by policy, therefore, iCloud Private Relay _MUST_ be disabled.

Network administrators can also prevent the use of this feature by blocking DNS resolution of mask.icloud.com and mask-h2.icloud.com.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess:
allowCloudPrivateRelay:
False

Supportive Information

The following resource is also helpful.

• https://github.com/usnistgov/macos_security

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Configuration Management, System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|AC-20
• 800-53|AC-20(1)
• 800-53|CM-7
• 800-53|CM-7(1)
• 800-53|SC-7(10)
• CCE|CCE-90894-7

Source

• Tenable.com/audits