App Management for ECU-Owned macOS Systems

We are all responsible for the ECU information in our care. Occasionally, some default features of a macOS system do not comply with security guidelines and ECU regulations.

To help with auditing and regulation compliance, ECU follows the Center for Internet Security (CIS) benchmarks and best practices to provide users the utility required for work while protecting ECU data.

ITCS manages some options and disables certain consumer-oriented apps on ECU-managed (ECU-owned) Mac computers.

The following features are enabled:

  • Eject at Logout – Prevents harm to externally-connected devices if a user logs out and forgets to eject a device. Also prevents inadvertently passing along a DVD if another person borrows the system.
  • Activation Lock – Find My Mac is disabled, and Activation Lock is managed by ITCS.

The following features are disabled:

  • Family Sharing (consumer-oriented app) – Allows sharing of Apple services like iCloud storage with other family members. Sharing iCloud storage and photos with others is a concern if ECU data is unknowingly backed up to the iCloud space.
  • TV app (consumer-oriented app) – Used to discover and watch TV on your device.
  • Wallet & Apple Pay (consumer-oriented app) – Apple Pay allows contactless purchases in stores, apps or on the web. Wallet stores payment and other access information.
  • Game Center (consumer-oriented app) – Participation allows sharing of personal information that can be read and used by others, including Apple. Can be re-enabled by department chair request.
  • Game downloads – Default games that come with macOS are not affected. However, games downloaded by the user are blocked.
  • Home app (consumer-oriented app) – Controls smart home products; uses iCloud keychain which contains all the user’s passwords, both personal and ECU-related. Not secure.
  • Password sharing – ECU does not allow any type of password sharing.
  • iCloud sync – iCloud is NOT approved storage for ECU data. Approved storage for ECU data is Microsoft OneDrive and Piratedrive. See the IT KB article, Create a Backup for Your Mac Computer, in the related articles section for an appropriate file storage option for ECU data.
  • Find My Mac – Once enabled, the system can only be unlocked by the Apple ID used to enable it. This is a problem if the computer needs repair or the user leaves ECU and returns the system; it cannot be repaired, re-imaged or reassigned to another user while this feature is enabled.

These changes only apply to ECU-managed macOS computers, not your personal devices. If any of these features are required for ECU-related work, please submit the Technology Security Assessment service request.

The following types of software are disabled:

Software such as games, torrent clients and software installed for personal use (considered unauthorized) is disabled to meet security and privacy requirements. If you require any blocked software as part of your responsibilities for ECU, please begin the approval process by following the steps outlined in the Technology Purchase Approval process. Examples include but are not limited to the following:

  • Capital One Shopping
  • Minecraft
  • World of Warcraft
  • TeamViewer
  • TurboTax
  • Coupon
  • Bittorrent
  • Dropbox Sync (ECU data should ONLY be stored in university-approved OneDrive cloud storage (recommended) or Piratedrive NAS.)

Firefox browser

The following Firefox browser options also apply:

  • The default home page is the ECU home page. Users can change this to their preference.
  • Firefox accounts are disabled. Firefox accounts sync bookmarks and saved passwords across multiple devices. It is a security risk for a browser to save or sync passwords, so accounts are turned off.
  • The bookmark toolbar always shows. Users can also turn off this feature.

Sensitive data and software acquisition

The Software and Data Collection Services Acquisition Regulation requires that all software – purchased and free – be reviewed by the Technology Acquisition Committee and ITCS to:

  • Avoid duplication or replication of an existing software or service
  • Ensure compatibility with existing infrastructure and applications
  • Guarantee the security and accessibility of the product
  • Weigh the risks associated with its use

Submit the Technology Security Assessment to request a software review. The assessment also addresses installation and remote access. If the software stores, processes or transmits sensitive data, you must request approval from the appropriate data stewards prior to installation. Visit the Data Governance website for more information.


Article ID: 67602
Thu 2/11/21 11:29 AM
Thu 9/9/21 11:49 AM