An error occurred:

Check: APPL-13-002064

Apple macOS 13 (Ventura) STIG: APPL-13-002064 (in versions v1 r4 through v1 r1)

Title

The macOS system must have the security assessment policy subsystem enabled. (Cat I impact)

Discussion

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, software defined by the organization as critical must be signed with a certificate that is recognized and approved by the organization.

Check Content

Verify the macOS system is configured with the security assessment policy subsystem enabled with the following command: /usr/sbin/spctl --status assessments enabled If "assessments enabled" is not returned, this is a finding.

Fix Text

Configure the macOS system to enable the security assessment policy subsystem by installing the "Custom Policy" configuration profile.

Additional Identifiers

Rule ID: SV-257220r905293_rule

Vulnerability ID: V-257220

Group Title: SRG-OS-000366-GPOS-00153

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001749

The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (3)

Signed Components