Check: AOSX-12-000070
Apple OS X 10.12 STIG:
AOSX-12-000070
(in versions v1 r6 through v1 r1)
Title
The OS X system must be configured with Wi-Fi support software disabled. (Cat II impact)
Discussion
Use of Wi-Fi to connect to unauthorized networks may facilitate the exfiltration of mission data. Satisfies: SRG-OS-000300-GPOS-00118, SRG-OS-000480-GPOS-00227
Check Content
If the system requires Wi-Fi to connect to an authorized network, this is not applicable. To check if the Wi-Fi network device is disabled, run the following command: /usr/bin/sudo /usr/sbin/networksetup -listallnetworkservices A disabled device will have an asterisk in front of its name. If the Wi-Fi device is missing this asterisk, this is a finding.
Fix Text
To disable the Wi-Fi network device, run the following command: /usr/bin/sudo /usr/sbin/networksetup -setnetworkserviceenabled "Wi-Fi" off
Additional Identifiers
Rule ID: SV-90655r1_rule
Vulnerability ID: V-75967
Group Title: SRG-OS-000300-GPOS-00118
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001443 |
The information system protects wireless access to the system using authentication of users and/or devices. |
CCI-001444 |
The information system protects wireless access to the system using encryption. |
CCI-002418 |
The information system protects the confidentiality and/or integrity of transmitted information. |