The macOS system must disable Location Services.

STIG ID: APPL-14-002004  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-259480

Vulnerability Discussion

The information system must be configured to provide only essential
capabilities. Disabling Location Services helps prevent the unauthorized connection of devices,
unauthorized transfer of information, and unauthorized tunneling.

Check

Verify the macOS system is configured to disable Location Services with the following
command:

/usr/bin/sudo -u _locationd /usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.locationd')\
.objectForKey('LocationServicesEnabled').js
EOS

If the result is not "false", this is a finding.

Fix

Configure the macOS system to disable Location Services with the
following command:

/usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd
LocationServicesEnabled -bool false; /bin/launchctl kickstart -k system/com.apple.locationd

The system may need to be restarted for the update to take effect.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.