An error occurred:

Check: APPL-12-002064

Apple macOS 12 (Monterey) STIG: APPL-12-002064 (in versions v1 r8 through v1 r1)

Title

The macOS system must have the security assessment policy subsystem enabled. (Cat I impact)

Discussion

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical must be signed with a certificate that is recognized and approved by the organization.

Check Content

To check the status of the Security assessment policy subsystem, run the following command: /usr/sbin/spctl --status 2> /dev/null | /usr/bin/grep enabled If "assessments enabled" is not returned, this is a finding.

Fix Text

To enable the Security assessment policy subsystem, run the following command: /usr/bin/sudo /usr/sbin/spctl --master-enable

Additional Identifiers

Rule ID: SV-252514r877463_rule

Vulnerability ID: V-252514

Group Title: SRG-OS-000366-GPOS-00153

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001749

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (3)

Signed Components