Check: AOSX-12-000240
Apple OS X 10.12 STIG:
AOSX-12-000240
(in versions v1 r6 through v1 r1)
Title
The OS X system must enable System Integrity Protection. (Cat II impact)
Discussion
System Integrity Protection (SIP) is vital to prevent unauthorized and unintended information transfer via shared system resources; to protect audit tools from unauthorized access, modification, and deletion; to limit privileges to change software resident within software libraries; and to limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders. SIP also ensures the presence of an audit record generation capability for DoD-defined auditable events for all operating system components, supports on-demand and after-the-fact reporting requirements, and ensures that neither audit reduction nor report generation alters the original content or time ordering of audit records. Satisfies: SRG-OS-000051-GPOS-00024, SRG-OS-000054-GPOS-00025, SRG-OS-000062-GPOS-00031, SRG-OS-000122-GPOS-00063, SRG-OS-000138-GPOS-00069, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099, SRG-OS-000259-GPOS-00100, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230
Check Content
System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:
/usr/bin/csrutil status
If the result does not show the following, this is a finding:
System Integrity Protection status: enabled
Fix Text
To re-enable "System Integrity Protection", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:
/usr/bin/csrutil enable
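The check above is a string match on the output of `csrutil status`. The POSIX shell script below is an added example, not part of the STIG or of Apple's tooling: it classifies that output against the expected line and maps the result to the STIG's finding / not-a-finding outcome. The sample outputs are constructed, not captured from a real system. One assumption goes beyond the page's literal wording: an output of "enabled (Custom Configuration)" (which `csrutil` prints when only some protections are active) still contains the expected substring, so the helper reports it with a separate exit code so that a stricter reviewer can treat a partially enabled SIP as a finding.

```shell
#!/bin/sh
# Added example (not part of the STIG): evaluate the text printed by
# `/usr/bin/csrutil status` against AOSX-12-000240.

# Constructed sample outputs (not captured from a real system).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).'

# classify_sip_status OUTPUT
# Exit status: 0 = fully enabled (not a finding)
#              2 = enabled with a custom/partial configuration (assumption:
#                  treated as not meeting the intent of the check)
#              1 = disabled, or output not recognised (finding)
classify_sip_status() {
    case "$1" in
        *"System Integrity Protection status: enabled (Custom Configuration)"*) return 2 ;;
        *"System Integrity Protection status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# sip_finding OUTPUT -> prints the STIG result word for that output.
sip_finding() {
    if classify_sip_status "$1"; then
        echo "not a finding"
    else
        echo "finding"
    fi
}

# check_live_sip: run the real command on the host being reviewed.
# Exit status follows classify_sip_status; a missing csrutil is reported
# as unrecognised output (exit 1) rather than silently passing.
check_live_sip() {
    out=$(/usr/bin/csrutil status 2>/dev/null) || out=""
    classify_sip_status "$out"
}

# Usage when run directly on a macOS host:
#   check_live_sip; echo "AOSX-12-000240 exit=$?"
```

Because the fix requires booting into Recovery, the script only reports; it never attempts to change the SIP state. The exit code can be consumed by a configuration-compliance scanner that runs the check across a fleet.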
Additional Identifiers
Rule ID: SV-90697r1_rule
Vulnerability ID: V-76009
Group Title: SRG-OS-000051-GPOS-00024
Expert Comments
CCIs
Number | Definition
---|---
CCI-000154 | The information system provides the capability to centrally review and analyze audit records from multiple components within the system.
CCI-000158 | The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
CCI-000169 | The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
CCI-000366 | The organization implements the security configuration settings.
CCI-001090 | The information system prevents unauthorized and unintended information transfer via shared system resources.
CCI-001493 | The information system protects audit tools from unauthorized access.
CCI-001494 | The information system protects audit tools from unauthorized modification.
CCI-001495 | The information system protects audit tools from unauthorized deletion.
CCI-001499 | The organization limits privileges to change software resident within software libraries.
CCI-001875 | The information system provides an audit reduction capability that supports on-demand audit review and analysis.
CCI-001876 | The information system provides an audit reduction capability that supports on-demand reporting requirements.
CCI-001877 | The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
CCI-001878 | The information system provides a report generation capability that supports on-demand audit review and analysis.
CCI-001879 | The information system provides a report generation capability that supports on-demand reporting requirements.
CCI-001880 | The information system provides a report generation capability that supports after-the-fact investigations of security incidents.
CCI-001881 | The information system provides an audit reduction capability that does not alter original content or time ordering of audit records.
CCI-001882 | The information system provides a report generation capability that does not alter original content or time ordering of audit records.
Controls
Number | Title
---|---
AU-6 (4) | Central Review And Analysis
AU-7 | Audit Reduction And Report Generation
AU-7 (1) | Automatic Processing
AU-9 | Protection Of Audit Information
AU-12 | Audit Generation
CM-5 (6) | Limit Library Privileges
CM-6 | Configuration Settings
SC-4 | Information In Shared Resources