Title

The macOS system must be integrated into a directory services infrastructure. (Cat II impact)

Discussion

A directory service infrastructure enables centralized user and rights management, as well as centralized control over computer and user configurations. Integrating the macOS systems used throughout an organization into a directory services infrastructure ensures more administrator oversight and security than allowing distinct user account databases to exist on each separate system.

Check Content

Verify the macOS system is configured to integrate into a directory service with the following command: /usr/bin/dscl localhost -list . \| /usr/bin/grep -qvE '(Contact\|Search\|Local\|^$)'; /bin/echo $? If the result is not "0", this is a finding.

Fix Text

Configure the macOS system to integrate into an existing directory services infrastructure.

Additional Identifiers

Rule ID: SV-259427r940903_rule

Vulnerability ID: V-259427

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.