Check: AOSX-13-000155
Apple OS X 10.13 STIG: AOSX-13-000155 (in versions v2 r5 through v1 r1)
Title
The macOS system firewall must be configured with a default-deny policy. (Cat II impact)
Discussion
An approved firewall must be installed and enabled to work in concert with the macOS Application Firewall. When configured correctly, firewalls protect computers from network attacks by blocking or limiting access to open network ports.
Check Content
Ask the System Administrator (SA) or Information System Security Officer (ISSO) if an approved firewall is loaded on the system. The recommended system is the McAfee HBSS. If no firewall is installed on the system, this is a finding. If a firewall is installed and it is not configured with a "default-deny" policy, this is a finding.
Fix Text
Install an approved HBSS or firewall solution onto the system and configure it with a "default-deny" policy.
Additional Identifiers
Rule ID: SV-214828r609363_rule
Vulnerability ID: V-214828
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-002080 | The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems. |