Title

The macOS Application Firewall must be enabled. (Cat II impact)

Discussion

Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

Check Content

Verify that the built-in firewall is enabled: # /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep 'EnableFirewall\|EnableStealthMode' If the return is not "EnableFirewall = 1;" and "EnableStealthMode = 1;" this is a finding. If the built-in firewall is not enabled, ask the System Administrator if another application firewall is installed and enabled. If no application firewall is installed and enabled, this is a finding.

Fix Text

This setting is enforced using the "Restrictions Policy" configuration profile.

Additional Identifiers

Rule ID: SV-252536r877367_rule

Vulnerability ID: V-252536

Group Title: SRG-OS-000480-GPOS-00232

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.