System Integrity Protection (SIP) is vital to the protection of the integrity of macOS. The macOS system must enable System Integrity Protection. External USB devices are a potential vector for malware and can be used to exfiltrate sensitive data if an approved data-loss.
The macOS system must restrict the ability of individuals to use USB storage devices.Įxternal writeable media devices must be disabled for users. Application firewalls limit which applications are allowed to communicate over the network. The macOS Application Firewall must be enabled.įirewalls protect computers from network attacks by blocking or limiting access to open network ports. The data needs to be protected at all times during transmission, and. The "tftp" service must be disabled as it sends all data in a clear-text form that can be easily intercepted and read. The macOS system must be configured to disable the tftp service. The macOS system must have the security assessment policy subsystem enabled.Īny changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the. The macOS system must enforce access restrictions.įailure to provide logical access restrictions associated with changes to system configuration may have significant effects on the overall security of the system. The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.ĭoD-approved certificates must be installed to the System Keychain so they will be available to all users.įor user certificates, each organization obtains certificates from an approved, shared. Employing an automated mechanism to detect this.
#Stig viewer for mac software#
Malicious software can establish a base on individual desktops and servers. The macOS system must use an approved antivirus program.Īn approved antivirus product must be installed and configured to run. These unnecessary capabilities or services are often.
#Stig viewer for mac install#
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. The macOS system must be configured to disable the system preference pane for Apple ID. Most approved directory services infrastructure solutions allow centralized.
#Stig viewer for mac password#
The macOS system must be integrated into a directory services infrastructure.ĭistinct user account databases on each separate system cause problems with username and password policy enforcement. Multifactor authentication requires using two or more factors to. Without the use of multifactor authentication, the ease of access to privileged and non-privileged functions is greatly increased. The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. The "sudo" command must be configured to prompt for the administrator's password at least once in each newly opened Terminal window or remote logon session, as this prevents a malicious user from. The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. Findings (MAC III - Administrative Sensitive) Finding ID
0 kommentar(er)
