Check: AOSX-14-000016
Apple OS X 10.14 (Mojave) STIG:
AOSX-14-000016
(in versions v2 r6 through v1 r1)
Title
The macOS system must be integrated into a directory services infrastructure. (Cat I impact)
Discussion
Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords.
Check Content
If the system is using a mandatory Smart Card Policy, this is Not Applicable. To determine if the system is integrated to a directory service, ask the System Administrator (SA) or Information System Security Officer (ISSO) or run the following command: /usr/bin/sudo dscl localhost -list . | /usr/bin/grep -vE '(Contact | Search | Local)' If nothing is returned, or if the system is not integrated into a directory service infrastructure, this is a finding.
Fix Text
Integrate the system into an existing directory services infrastructure.
Additional Identifiers
Rule ID: SV-209535r610285_rule
Vulnerability ID: V-209535
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |