The macOS system must enable System Integrity Protection.
DISA Rule
SV-209635r610285_rule
Vulnerability Number
V-209635
Group Title
SRG-OS-000051-GPOS-00024
Rule Version
AOSX-14-005001
Severity
CAT II
CCI(s)
- CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
- CCI-000154 - The information system provides the capability to centrally review and analyze audit records from multiple components within the system.
- CCI-000158 - The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
- CCI-001493 - The information system protects audit tools from unauthorized access.
- CCI-001494 - The information system protects audit tools from unauthorized modification.
- CCI-001495 - The information system protects audit tools from unauthorized deletion.
- CCI-001499 - The organization limits privileges to change software resident within software libraries.
- CCI-001875 - The information system provides an audit reduction capability that supports on-demand audit review and analysis.
- CCI-001876 - The information system provides an audit reduction capability that supports on-demand reporting requirements.
- CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
- CCI-001878 - The information system provides a report generation capability that supports on-demand audit review and analysis.
- CCI-001879 - The information system provides a report generation capability that supports on-demand reporting requirements.
- CCI-001880 - The information system provides a report generation capability that supports after-the-fact investigations of security incidents.
- CCI-001881 - The information system provides an audit reduction capability that does not alter original content or time ordering of audit records.
- CCI-001882 - The information system provides a report generation capability that does not alter original content or time ordering of audit records.
Weight
10
Fix Recommendation
To reenable "System Integrity Protection", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:
/usr/bin/csrutil enable
Check Contents
System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:
/usr/bin/csrutil status
If the result does not show the following, this is a finding.
System Integrity Protection status: enabled
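An added example (not part of the STIG text) that turns the check above into a scriptable verdict. The function name, the sample outputs (constructed) and the decision to report a partially disabled "Custom Configuration" state as a finding are assumptions of this example.

```sh
#!/bin/sh
# Added example: evaluate `csrutil status` output for rule AOSX-14-005001.
# sip_verdict is a hypothetical helper name, not part of csrutil or the STIG.

# Constructed sample outputs (not captured from a real host).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
	Kext Signing: disabled
	Filesystem Protections: enabled'

# sip_verdict TEXT
#   Prints PASS or FINDING:<reason>; returns 0 only on PASS.
sip_verdict() {
    # Take the first status line; "|| true" keeps "set -e" callers alive
    # when the line is missing (e.g. csrutil not found).
    status_line=$(printf '%s\n' "$1" |
        grep -m1 '^System Integrity Protection status:' || true)
    if [ -z "$status_line" ]; then
        echo "FINDING:no-status-line"
        return 1
    fi
    # Drop the label, then trailing whitespace, then a trailing period,
    # so "enabled" and "enabled." compare equal.
    value=$(printf '%s' "$status_line" | sed \
        -e 's/^System Integrity Protection status:[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's/\.$//')
    case "$value" in
        enabled)
            echo "PASS"
            return 0 ;;
        *)
            # Assumption: anything other than plain "enabled", including
            # "enabled (Custom Configuration)", is reported as a finding.
            echo "FINDING:$value"
            return 1 ;;
    esac
}

# Evaluate the live system only where csrutil exists (macOS).
if [ -x /usr/bin/csrutil ]; then
    sip_verdict "$(/usr/bin/csrutil status 2>&1)" || true
fi
```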
Documentable
False
Check Content Reference
M
Target Key
2930