STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.

DISA Rule

SV-209540r610285_rule

Vulnerability Number

V-209540

Group Title

SRG-OS-000023-GPOS-00006

Rule Version

AOSX-14-000024

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
• CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Weight

10

Fix Recommendation

For systems that allow remote access through SSH, modify the "/etc/ssh/sshd_config" file to add or update the following line:

Banner /etc/banner

Check Contents

For systems that allow remote access through SSH, run the following command to verify that "/etc/banner" is displayed before granting access:

# /usr/bin/grep Banner /etc/ssh/sshd_config

If the sshd Banner configuration option does not point to "/etc/banner", this is a finding.

Vulnerability Number

V-209540

Documentable

False

Rule Version

AOSX-14-000024

Severity Override Guidance

For systems that allow remote access through SSH, run the following command to verify that "/etc/banner" is displayed before granting access:

# /usr/bin/grep Banner /etc/ssh/sshd_config

If the sshd Banner configuration option does not point to "/etc/banner", this is a finding.

Check Content Reference

M

Target Key

2930

Comments