Check: APPL-11-005050
Apple macOS 11 (Big Sur) STIG:
APPL-11-005050
(in versions v1 r6 through v1 r1)
Title
The macOS Application Firewall must be enabled. (Cat II impact)
Discussion
Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.
Check Content
Verify that the built-in Firewall is enabled: # /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep 'EnableFirewall\|EnableStealthMode' If the return is not "EnableFirewall = 1;" and "EnableStealthMode = 1;" this is a finding.
Fix Text
This setting is enforced using the "Restrictions Policy" configuration profile.
Additional Identifiers
Rule ID: SV-230847r599842_rule
Vulnerability ID: V-230847
Group Title: SRG-OS-000480-GPOS-00232
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |