An error occurred:

Check: APPL-15-002064

Apple macOS 15 (Sequoia) STIG: APPL-15-002064 (in versions v1 r3 through v1 r1)

Title

The macOS system must enable gatekeeper. (Cat I impact)

Discussion

Gatekeeper must be enabled. Gatekeeper is a security feature that ensures that applications are digitally signed by an Apple-issued certificate before they are permitted to run. Digital signatures allow the macOS host to verify that the application has not been modified by a malicious third party. Administrator users will still have the option to override these settings on a case-by-case basis.

Check Content

Verify the macOS system is configured to enable gatekeeper with the following command: /usr/sbin/spctl --status | /usr/bin/grep -c "assessments enabled" If the result is not "1", this is a finding.

Fix Text

Configure the macOS system to enable gatekeeper with the following command: /usr/sbin/spctl --global-enable

Additional Identifiers

Rule ID: SV-268511r1034473_rule

Vulnerability ID: V-268511

Group Title: SRG-OS-000366-GPOS-00153

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-003992

Prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check