Check: AOSX-11-000095
Apple OS X 10-11 STIG:
AOSX-11-000095
(in versions v1 r6 through v1 r3)
Title
Automatic actions must be disabled for music CDs. (Cat II impact)
Discussion
Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti-virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for music CDs mitigates this risk.
Check Content
If an approved HBSS DCM/DLP solution is installed, this is not applicable. To check if the system has the correct setting for music CDs in the configuration profile, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -A 2 'com.apple.digihub.cd.music.appeared' If this is not defined or "action" is not set to "1", this is a finding.
Fix Text
This setting is enforced using the "Custom Policy" configuration profile.
Additional Identifiers
Rule ID: SV-81995r1_rule
Vulnerability ID: V-67505
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |