Check: AOSX-12-000100
Apple OS X 10.12 STIG: AOSX-12-000100 (in versions v1 r6 through v1 r1)
Title
The OS X system must be configured with automatic actions disabled for picture CDs. (Cat II impact)
Discussion
Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti-virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for picture CDs mitigates this risk.
Check Content
If an approved HBSS DCM/DLP solution is installed, this is not applicable.
To check if the system has the correct setting for picture CDs in the configuration profile, run the following command:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -A 2 'com.apple.digihub.cd.picture.appeared'
If this is not defined or "action" is not set to "1", this is a finding.
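The pass/fail rule above can be scripted so an audit run yields a verdict and an exit status instead of raw grep output. This is an added example, not part of the STIG: the function names are hypothetical, and the embedded samples are constructed text in an assumed shape of the profiler output.

```shell
#!/bin/sh
# Added example: evaluates the AOSX-12-000100 check from profile text on stdin.
# It cannot tell whether an approved HBSS DCM/DLP solution is installed; that
# "not applicable" case still needs a manual decision.

KEY='com.apple.digihub.cd.picture.appeared'

# Constructed samples; the layout is an assumed shape of the profiler output.
SAMPLE_COMPLIANT='    "com.apple.digihub.cd.picture.appeared" = {
        action = 1;
    };'
SAMPLE_WRONG='    "com.apple.digihub.cd.picture.appeared" = {
        action = 2;
    };'

# Print the "action" value found in the key line plus the two lines after it,
# the same window the STIG command selects with grep -A 2. Empty if undefined.
picture_cd_action() {
    grep -F -A 2 "$KEY" |
        sed -n 's/^[[:space:]]*"\{0,1\}action"\{0,1\}[[:space:]]*=[[:space:]]*"\{0,1\}\([^";[:space:]]*\).*/\1/p' |
        head -n 1
}

# Print a verdict; return 0 when compliant, 1 when the check is a finding.
evaluate_picture_cd() {
    action=$(picture_cd_action)
    if [ "$action" = "1" ]; then
        echo "not a finding"
    elif [ -z "$action" ]; then
        echo "finding: $KEY action is not defined"
        return 1
    else
        echo "finding: action is $action, expected 1"
        return 1
    fi
}

if [ -x /usr/sbin/system_profiler ]; then
    # On the Mac being audited: evaluate the live configuration profiles.
    /usr/sbin/system_profiler SPConfigurationProfileDataType | evaluate_picture_cd
else
    # Elsewhere: walk the constructed samples (compliant, wrong value, undefined).
    for sample in "$SAMPLE_COMPLIANT" "$SAMPLE_WRONG" ""; do
        printf '%s\n' "$sample" | evaluate_picture_cd || true
    done
fi
```

The match is on the fixed key string, so an "action" value of 1 under a different digihub key does not satisfy the check.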
Fix Text
This setting is enforced using the "Custom Policy" configuration profile.
Additional Identifiers
Rule ID: SV-90665r1_rule
Vulnerability ID: V-75977
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |