Navigate

Check: APPL-13-000016

Apple macOS 13 (Ventura) STIG: APPL-13-000016 (in versions v1 r4 through v1 r1)

Title

The macOS system must be integrated into a directory services infrastructure. (Cat I impact)

Discussion

Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords.

Check Content

If the macOS system is using a mandatory Smart Card Policy, this requirement is not applicable. Verify the macOS system is configured to integrate into a directory service with the following command: /usr/bin/dscl localhost -list . | /usr/bin/grep "Active Directory" If no results are returned, this is a finding.

Fix Text

Configure the macOS system to integrate into an existing directory services infrastructure.

Additional Identifiers

Rule ID: SV-257153r905092_rule

Vulnerability ID: V-257153

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings