Check: AOSX-10-000155
Apple OS X 10-10 Workstation STIG: AOSX-10-000155
(in versions v1 r5 through v1 r4)
Title
The system firewall must be configured with a default-deny policy. (Cat II impact)
Discussion
An approved firewall must be installed and enabled to work in concert with the Mac OS X Application Firewall. When configured correctly, firewalls protect computers from network attacks by blocking or limiting access to open network ports.
Check Content
The system firewall must be configured with a default-deny policy. Ask the SA or ISSO if an approved firewall is loaded on the system. The recommended system is the McAfee HBSS. If there is no firewall installed on the system, this is a finding. If there is a firewall installed and it is not configured with a default-deny policy, this is a finding.
Fix Text
Install an approved HBSS or firewall solution onto the system and configure it with a default-deny policy.
Additional Identifiers
Rule ID: SV-74007r1_rule
Vulnerability ID: V-59577
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |