Secure Your Mac
Any Apple product used for business purposes must be configured to comply with Mass General Brigham policies. This includes institutionally purchased Apple products, as well as any personally owned Apple product used for business purposes. All Mass General Brigham policies can be viewed on Policy Central, and policies that require a configuration change on your Apple desktop or laptop include:
IT Asset Management Standards for Apple Macintosh Products
EISS 8d.2: IT Asset Management Standards for Apple Macintosh Products Policy requires that Apple laptops and desktops be enrolled in the Program for Enterprise Apple Services (PEAS). All Macs enrolled in PEAS are required to enable FileVault 2 for encryption. For more details on how to enroll, view our Enroll Your Mac page.
- All institutionally-purchased or owned Apple Macintosh devices must be enrolled in PEAS
- PEAS is available for personally owned Apple Macintosh devices being used to conduct business
- Any Apple Macintosh device used as a primary work device to conduct Mass General Brigham business must be enrolled in PEAS
IT Access Control Standards for Networks Policy
EISS-9a.2: IT Access Control Standards for Networks Policy covers a number of network configurations that must be in place on your Mac, such as:
- Network Access Control (NAC) must be used, where available, as a means to assess, monitor and, in some cases, enforce minimum security requirements of devices accessing the network
- Antivirus software and definitions, security patches, and malware detection solutions must be up to date
IT Access Control Security Policy
EISP-9.2: IT Access Control Security Policy covers a number of controls that must be in place on your Mac. Please review this policy and specifically note that Apple computers:
- Must automatically invoke a screen saver or other compensating controls to prevent unauthorized access
- Must be logged off or protected with a screen locking mechanism when not in use
IT Access Control Standards for Users
EISS-9b.2: IT Access Control Standards for Users Policy also covers a number of controls that must be configured on your Mac and other devices. Note that your local Mac accounts are subject to the password standards, which include:
- Required minimum length of 8 characters
- Passwords must be alphanumeric, containing at least one letter and at least one number
- Cannot reuse the previous 4 passwords
- Default vendor passwords must be changed before migrating into a production environment
- Passwords must be changed immediately if either the password or the system is or may be compromised
IT Acquisition, SDLC and Maintenance Policy
EISP-12.2: IT Acquisition, SDLC and Maintenance Policy states that all computers, including Macs, are required to be kept up to date on software updates to decrease the risk of a remote exploit. View how on our Update Your Mac page.
- Business and System owners are responsible for timely implementation of software patches, firmware updates, configuration updates and any other corrective measure that has been identified to reduce risks associated with information technology resources that are out of date, misconfigured, missing software or firmware patches, and are otherwise configured in a manner which increases the risk of remote exploit of the resource.