An error occurred:

Check: APPL-11-002064

Apple macOS 11 (Big Sur) STIG: APPL-11-002064 (in versions v1 r8 through v1 r1)

Title

The macOS system must have the security assessment policy subsystem enabled. (Cat I impact)

Discussion

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical must be signed with a certificate that is recognized and approved by the organization.

Check Content

To check the status of the Security assessment policy subsystem, run the following command: /usr/sbin/spctl --status | /usr/bin/grep enabled If "assessments enabled" is not returned, this is a finding.

Fix Text

To enable the Security assessment policy subsystem, run the following command: /usr/bin/sudo /usr/sbin/spctl --master-enable

Additional Identifiers

Rule ID: SV-230824r877463_rule

Vulnerability ID: V-230824

Group Title: SRG-OS-000366-GPOS-00153

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001749

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check