An error occurred:

Check: APPL-13-005050

Apple macOS 13 (Ventura) STIG: APPL-13-005050 (in versions v1 r4 through v1 r1)

Title

The macOS Application Firewall must be enabled. (Cat II impact)

Discussion

Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

Check Content

Verify the macOS system is configured to enable the built-in firewall with the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "EnableFirewall\|EnableStealthMode" EnableFirewall = 1; EnableStealthMode = 1; If "EnableFirewall" and "EnableStealthMode" are not set to "1", this is a finding.

Fix Text

Configure the macOS system to enable the built-in firewall by installing the "Restrictions Policy" configuration profile.

Additional Identifiers

Rule ID: SV-257242r905359_rule

Vulnerability ID: V-257242

Group Title: SRG-OS-000480-GPOS-00232

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings