Check: APPL-15-000180
Apple macOS 15 (Sequoia) STIG:
APPL-15-000180
(in versions v1 r3 through v1 r1)
Title
The macOS system must enable the time synchronization daemon. (Cat II impact)
Discussion
The macOS time synchronization daemon (timed) must be enabled for proper time synchronization to an authorized time server. NOTE: The time synchronization daemon is enabled by default on macOS. Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144, SRG-OS-000785-GPOS-00250
Check Content
Verify the macOS system is configured to enable the time synchronization daemon with the following command: /bin/launchctl list | /usr/bin/grep -c com.apple.timed If the result is not "1", this is a finding.
Fix Text
Configure the macOS system to enable the time synchronization daemon with the following command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.timed.plist NOTE: The service "timed" cannot be unloaded or loaded while System Integrity Protection (SIP) is enabled.
Additional Identifiers
Rule ID: SV-268450r1038944_rule
Vulnerability ID: V-268450
Group Title: SRG-OS-000355-GPOS-00143
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-004922 |
Synchronize system clocks within and between systems or system components. |
| CCI-004923 |
Compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source. |
| CCI-004926 |
Synchronize the internal system clocks to the authoritative time source when the time difference is greater than organization-defined time period. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |