Check: APPL-12-002070
Apple macOS 12 (Monterey) STIG:
APPL-12-002070
(in versions v1 r8 through v1 r1)
Title
The macOS system must use an approved antivirus program. (Cat I impact)
Discussion
An approved antivirus product must be installed and configured to run. Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.
Check Content
Verify the "MRT" service is running by using the following command: /bin/launchctl print-disabled system | grep mrt If the results show "com.apple.mrt" => false", the MRT Service is running. If the MRT service is running, verify that it is configured to update automatically by using the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep ConfigDataInstall If, "ConfigDataInstall = 1" is not returned, this is a finding. If the MRT service is not running, ask the System Administrator (SA) or Information System Security Officer (ISSO) if an approved antivirus solution is loaded on the system. The antivirus solution may be bundled with an approved host-based security solution. If there is no local antivirus solution installed on the system, this is a finding.
Fix Text
Enable the MRT service: /usr/bin/sudo /bin/launchctl enable system/com.apple.mrt Installing the "Restrictions Policy" will configure the MRT Service to update automatically. If the MRT Service is not being used, install an approved antivirus solution onto the system.
Additional Identifiers
Rule ID: SV-252518r816481_rule
Vulnerability ID: V-252518
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |