Apple macOS 14 (Sonoma) STIG Version Comparison

There are 6 differences between versions v2 r1 (July 24, 2024) (the "left" version) and v2 r3 (Jan. 30, 2025) (the "right" version).

Check APPL-14-000016 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Title

The macOS system must be integrated into a directory services infrastructure.

Check Content

Verify the macOS system is configured to integrate into a directory service with the following command: /usr/bin/dscl localhost -list . \| /usr/bin/grep -qvE '(Contact\|Search\|Local\|^$)'; /bin/echo $? If the result is not "0", this is a finding.

Discussion

A directory service infrastructure enables centralized user and rights management, as well as centralized control over computer and user configurations. Integrating the macOS systems used throughout an organization into a directory services infrastructure ensures more administrator oversight and security than allowing distinct user account databases to exist on each separate system.

Fix

Configure the macOS system to integrate into an existing directory services infrastructure.