refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2
2026-02-03 14:03:24 +00:00 · 2024-11-25 10:55:26 -05:00
parent e99c62b4a3
commit 2c50e63a9a
2 changed files with 130 additions and 0 deletions
--- a/rules/system_settings/system_settings_external_intelligence_disable.yaml
+++ b/rules/system_settings/system_settings_external_intelligence_disable.yaml
@@ -0,0 +1,65 @@
+id: system_settings_external_intelligence_disable
+title: Disable External Intelligence Integrations
+discussion: |
+  Integration with external intelligence systems _MUST_ be disabled unless approved by the organiztion. Disabling external intelligence integration will mitigate the risk of data being sent to unapproved third party.
+
+  The information system _MUST_ be configured to provide only essential capabilities.
+check: |
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
+  .objectForKey('allowExternalIntelligenceIntegrations').js
+  EOS
+result:
+  string: 'false'
+fix: |
+  This is implemented by a Configuration Profile.
+references:
+  cce:
+    - N/A
+  cci:
+    - CCI-000381
+  800-53r5:
+    - AC-20
+    - CM-7
+    - CM-7(1)
+  800-53r4:
+    - CM-7
+    - CM-7(1)
+    - AC-20
+  srg:
+    - SRG-OS-000095-GPOS-00049
+  disa_stig:
+    - N/A
+  800-171r3:
+    - 03.01.20
+    - 03.04.06
+  cis:
+    benchmark:
+      - N/A
+    controls v8:
+      - 4.1
+      - 4.8
+      - 15.3
+  cmmc:
+    - AC.L1-3.1.20
+    - CM.L2-3.4.6
+    - CM.L2-3.4.7
+macOS:
+  - '15.2'
+tags:
+  - 800-53r5_low
+  - 800-53r5_moderate
+  - 800-53r5_high
+  - 800-53r4_low
+  - 800-53r4_moderate
+  - 800-53r4_high
+  - 800-171
+  - cisv8
+  - cnssi-1253_low
+  - cnssi-1253_high
+  - cnssi-1253_moderate
+severity: medium
+mobileconfig: true
+mobileconfig_info:
+  com.apple.applicationaccess:
+    allowExternalIntelligenceIntegrations: false
--- a/rules/system_settings/system_settings_external_intelligence_sign_in_disable.yaml
+++ b/rules/system_settings/system_settings_external_intelligence_sign_in_disable.yaml
@@ -0,0 +1,65 @@
+id: system_settings_external_intelligence_sign_in_disable
+title: Disable External Intelligence Integration Sign In
+discussion: |
+  The ability to sign into an external intelligence systems _MUST_ be disabled unless approved by the organiztion. Disabling external intelligence integration will mitigate the risk of data being sent to unapproved third party.
+
+  The information system _MUST_ be configured to provide only essential capabilities.
+check: |
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
+  .objectForKey('allowExternalIntelligenceIntegrationsSignIn').js
+  EOS
+result:
+  string: 'true'
+fix: |
+  This is implemented by a Configuration Profile.
+references:
+  cce:
+    - N/A
+  cci:
+    - CCI-000381
+  800-53r5:
+    - AC-20
+    - CM-7
+    - CM-7(1)
+  800-53r4:
+    - CM-7
+    - CM-7(1)
+    - AC-20
+  srg:
+    - SRG-OS-000095-GPOS-00049
+  disa_stig:
+    - N/A
+  800-171r3:
+    - 03.01.20
+    - 03.04.06
+  cis:
+    benchmark:
+      - N/A
+    controls v8:
+      - 4.1
+      - 4.8
+      - 15.3
+  cmmc:
+    - AC.L1-3.1.20
+    - CM.L2-3.4.6
+    - CM.L2-3.4.7
+macOS:
+  - '15.2'
+tags:
+  - 800-53r5_low
+  - 800-53r5_moderate
+  - 800-53r5_high
+  - 800-53r4_low
+  - 800-53r4_moderate
+  - 800-53r4_high
+  - 800-171
+  - cisv8
+  - cnssi-1253_low
+  - cnssi-1253_high
+  - cnssi-1253_moderate
+severity: medium
+mobileconfig: true
+mobileconfig_info:
+  com.apple.applicationaccess:
+    allowExternalIntelligenceIntegrationsSignIn: false