Check: AOSX-10-000090
Apple OS X 10-10 Workstation STIG:
AOSX-10-000090
(in versions v1 r5 through v1 r4)
Title
Automatic actions must be disabled for blank DVDs. (Cat II impact)
Discussion
Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti-virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank DVDs mitigates this risk.
Check Content
If an approved HBSS DCM/DLP solution is installed, this is not applicable. To check if the system has the correct setting for blank DVDs in the configuration profile, run the following command: system_profiler SPConfigurationProfileDataType | grep -A 2 'com.apple.digihub.blank.dvd.appeared' If this is not defined or 'action' is not set to '1', this is a finding.
Fix Text
This setting is enforced using the "Custom Policy" configuration profile.
Additional Identifiers
Rule ID: SV-73977r2_rule
Vulnerability ID: V-59547
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |