macos_security/rules/os/os_facetime_app_disable.yaml

id: os_facetime_app_disable
title: "Disable FaceTime.app"
discussion: |
  The macOS built-in FaceTime.app _MUST_ be disabled.

  The FaceTime.app establishes a connection to Apple's iCloud service, even when security controls have been put in place to disable iCloud access.

  [IMPORTANT]
  ====
  Apple has deprecated the use of link:https://github.com/apple/device-management/blob/eb51fb0cb9626cac4717858556912c257a734ce0/mdm/profiles/com.apple.applicationaccess.new.yaml#L67-L70[application restriction controls], using these controls may not work as expected. Third party software may be required to fulfill the compliance requirements.
  ====
check: |
  /usr/bin/osascript -l JavaScript << EOS
  function run() {
    let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess.new')\
    .objectForKey('familyControlsEnabled'))
    let pathlist = $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess.new')\
    .objectForKey('pathBlackList').js
    for ( let app in pathlist ) {
        if ( ObjC.unwrap(pathlist[app]) == "/Applications/FaceTime.app" && pref1 == true ){
            return("true")
        }
    }
    return("false")
    }
  EOS
result:
  string: "true"
fix: |
  This is implemented by a Configuration Profile.
references:
  cce:
    - CCE-92788-9
  cci:
    - N/A
  800-53r5:
    - AC-20
    - CM-7
    - CM-7(1)
  800-53r4:
    - CM-7
    - CM-7(1)
    - AC-20
  srg:
    - N/A
  disa_stig:
    - N/A
  800-171r2:
    - 3.1.20
    - 3.4.6
  cis:
    benchmark:
      - N/A
    controls v8:
      - 4.1
      - 4.8
  cmmc:
    - AC.L1-3.1.20
    - CM.L2-3.4.6
    - CM.L2-3.4.7
macOS:
  - "14.0"
tags:
  - cnssi-1253_moderate
  - cnssi-1253_low
  - cnssi-1253_high
severity: "low"
mobileconfig: true
mobileconfig_info:
  com.apple.applicationaccess.new:
    familyControlsEnabled: true
    pathBlackList:
      - /Applications/FaceTime.app