STIG ID: APPL-14-002170 | SRG: SRG-OS-000095-GPOS-00049 | Severity: medium | CCI: | Vulnerability Id: V-259525
Enterprise networks may be required to audit all network traffic by
policy; therefore, iCloud Private Relay must be disabled.
Network administrators can also prevent the use of this feature by blocking DNS resolution of
mask.icloud.com and mask-h2.icloud.com.
Configure the macOS system to disable the iCloud Private Relay by
installing the "com.apple.applicationaccess" configuration profile.
Verify the macOS system is configured to disable the iCloud Private Relay with the
following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowCloudPrivateRelay').js
EOS
If the result is not "false", this is a finding.