An error occurred:

Check: APPL-15-000009

Apple macOS 15 (Sequoia) STIG: APPL-15-000009 (in versions v1 r3 through v1 r1)

Title

The macOS system must prevent AdminHostInfo from being available at LoginWindow. (Cat II impact)

Discussion

The system must be configured to not display sensitive information at the LoginWindow. The key AdminHostInfo, when configured, will allow the HostName, IP Address, and operating system version and build to be displayed.

Check Content

Verify the macOS system is configured to prevent AdminHostInfo from being available at LoginWindow with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\ .objectIsForcedForKey('AdminHostInfo') EOS If the result is not "false", this is a finding.

Fix Text

Configure the macOS system to prevent AdminHostInfo from being available at LoginWindow by installing the "com.apple.loginwindow" configuration profile.

Additional Identifiers

Rule ID: SV-268425r1034215_rule

Vulnerability ID: V-268425

Group Title: SRG-OS-000031-GPOS-00012

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000060

Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-11(1)

Pattern-hiding Displays