Check: AOSX-13-000551
Apple OS X 10.13 STIG:
AOSX-13-000551
(in versions v2 r5 through v1 r1)
Title
The macOS system must disable the Touch ID feature. (Cat II impact)
Discussion
The Touch ID feature permits users to add additional fingerprints to unlock the host. These fingerprints may be for the user or anyone else. Because unauthorized users may gain access to the system, the use of Touch ID must be limited.
Check Content
To view the setting for Touch ID configuration, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowFingerprintForUnlock

If the output is null or is not "allowFingerprintForUnlock = 0", this is a finding.
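The check above can be scripted for compliance scans. The following is an added example, not part of the STIG text: the function name `touchid_check` and the sample line are constructed, and tolerating leading whitespace and a trailing semicolon around the value is an assumption about how the profile data is printed.

```shell
#!/bin/sh
# Added example: evaluate the AOSX-13-000551 check.
# touchid_check (hypothetical name) reads the output of
#   system_profiler SPConfigurationProfileDataType
# on stdin and returns 0 when compliant, 1 when it is a finding.
touchid_check() {
    # Keep only the lines the STIG check greps for.
    matches=$(grep 'allowFingerprintForUnlock' || true)

    # Null output: no installed profile sets the key, which is a finding.
    if [ -z "$matches" ]; then
        echo "FINDING: allowFingerprintForUnlock is not set by any profile"
        return 1
    fi

    # Normalise whitespace and a trailing ';' (assumed output format), then
    # list every line that is not exactly "allowFingerprintForUnlock = 0".
    # One non-zero value among several profiles is still a finding.
    bad=$(printf '%s\n' "$matches" \
        | sed -e 's/[[:space:]]//g' -e 's/;$//' \
        | grep -v -x 'allowFingerprintForUnlock=0' || true)

    if [ -n "$bad" ]; then
        echo "FINDING: unexpected value(s): $bad"
        return 1
    fi

    echo "OK: allowFingerprintForUnlock = 0"
    return 0
}

# Constructed sample line (not captured from a real host).
sample_ok='        allowFingerprintForUnlock = 0;'
printf '%s\n' "$sample_ok" | touchid_check

# On a macOS host, evaluate the live configuration profile data.
if [ -x /usr/sbin/system_profiler ]; then
    /usr/sbin/system_profiler SPConfigurationProfileDataType | touchid_check || true
fi
```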
Fix Text
This setting is enforced using the "Restrictions" configuration profile.
Additional Identifiers
Rule ID: SV-214865r609363_rule
Vulnerability ID: V-214865
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |