An error occurred:

Check: APPL-15-000170

Apple macOS 15 (Sequoia) STIG: APPL-15-000170 (in versions v1 r3 through v1 r1)

Title

The macOS system must be configured to use an authorized time server. (Cat II impact)

Discussion

An approved time server must be the only server configured for use. As of macOS 10.13, only one time server is supported. This rule ensures the uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144

Check Content

Verify the macOS system is configured to use an authorized time server with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\ .objectForKey('timeServer').js EOS If the result is not an authoritative time server that is synchronized with redundant USNO time servers as designated for the appropriate DOD network, this is a finding.

Fix Text

Configure the macOS system to use an authorized time server by installing the "com.apple.MCX" configuration profile.

Additional Identifiers

Rule ID: SV-268449r1038944_rule

Vulnerability ID: V-268449

Group Title: SRG-OS-000355-GPOS-00143

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-004923

Compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.
CCI-004926

Synchronize the internal system clocks to the authoritative time source when the time difference is greater than organization-defined time period.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check