An error occurred:

Check: APPL-14-005070

Apple macOS 14 (Sonoma) STIG: APPL-14-005070 (in versions v1 r2 through v1 r1)

Title

The macOS system must enable Authenticated Root. (Cat II impact)

Discussion

Authenticated Root must be enabled. When Authenticated Root is enabled the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume. Note: Authenticated Root is enabled by default on macOS systems. WARNING: If more than one partition with macOS is detected, the csrutil command will hang awaiting input.

Check Content

Verify the macOS system is configured to enable authenticated root with the following command: /usr/bin/csrutil authenticated-root | /usr/bin/grep -c 'enabled' If the result is not "1", this is a finding.

Fix Text

Configure the macOS system to enable authenticated root with the following command: /usr/bin/csrutil authenticated-root enable Note: To reenable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.

Additional Identifiers

Rule ID: SV-259570r941332_rule

Vulnerability ID: V-259570

Group Title: SRG-OS-000080-GPOS-00048

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement