Check: AOSX-13-000552
Apple OS X 10.13 STIG:
AOSX-13-000552
(in versions v2 r5 through v1 r1)
Title
The macOS system must obtain updates from a DoD-approved update server. (Cat II impact)
Discussion
Software update configuration. Point to DOD approved update server. Configure for automatic install of critical updates.
Check Content
To check if the CatalogURL is configured, run the following command: defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL 2017-11-30 22:21:41.805 defaults[1205:9595] The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate.plist, CatalogURL) does not exist. If the output is not an error indicating the item "does not exist" or the output is not a DoD-approved update server, this is a finding. Note: Updates are required to be applied with a frequency determined by the site or Program Management Office (PMO).
Fix Text
To remove the Apple software list from the system configuration run the following command: sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL
Additional Identifiers
Rule ID: SV-214866r609363_rule
Vulnerability ID: V-214866
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |