Check: AOSX-14-003005
Apple OS X 10.14 (Mojave) STIG:
AOSX-14-003005
(in versions v2 r6 through v1 r1)
Title
The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. (Cat II impact)
Discussion
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
Check Content
To view the setting for the smartcard certification configuration, run the following command: sudo /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard If the return is not "enforceSmartCard = 1;" this is a finding.
Fix Text
For stand-alone systems, this setting is enforced using the "Smart Card Policy" configuration profile. Note: Before applying the "Smart Card Policy", the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system.
Additional Identifiers
Rule ID: SV-209615r610285_rule
Vulnerability ID: V-209615
Group Title: SRG-OS-000068-GPOS-00036
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000187 |
The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group. |
Controls
Number | Title |
---|---|
IA-5 (2) |
Pki-Based Authentication |