Check: APPL-15-005070
Apple macOS 15 (Sequoia) STIG:
APPL-15-005070
(in versions v1 r3 through v1 r1)
Title
The macOS system must enable Authenticated Root. (Cat II impact)
Discussion
Authenticated Root must be enabled. When Authenticated Root is enabled, the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume. NOTE: Authenticated Root is enabled by default on macOS systems. WARNING: If more than one partition with macOS is detected, the csrutil command will hang awaiting input.
Check Content
Verify the macOS system is configured to enable authenticated root with the following command: /usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "AuthenticatedRootVolumeEnabled = 1;" If the result is not "1", this is a finding.
Fix Text
Configure the macOS system to enable authenticated root with the following command: /usr/bin/csrutil authenticated-root enable NOTE: To reenable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.
Additional Identifiers
Rule ID: SV-268565r1034635_rule
Vulnerability ID: V-268565
Group Title: SRG-OS-000080-GPOS-00048
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000213 |
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
| Number | Title |
|---|---|
| AC-3 |
Access Enforcement |