Check: AOSX-14-002069
Apple OS X 10.14 (Mojave) STIG:
AOSX-14-002069
(in versions v2 r6 through v2 r2)
Title
The macOS system must authenticate peripherals before establishing a connection. (Cat II impact)
Discussion
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers.
Check Content
To check that macOS is configured to require authentication to all system preference panes, use the following commands: /usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared If what is returned does not include the following, this is a finding. <key>shared</key> <false/>
Fix Text
To ensure that authentication is required to access all system level preference panes use the following procedure: Copy the authorization database to a file using the following command: /usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt Edit the file to change: <key>shared</key> <true/> To read: <key>shared</key> <false/> Reload the authorization database with the following command: /usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt
Additional Identifiers
Rule ID: SV-234699r615888_rule
Vulnerability ID: V-234699
Group Title: SRG-OS-000378-GPOS-00163
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001958 |
The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection. |
Controls
Number | Title |
---|---|
IA-3 |
Device Identification And Authentication |