STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021

The macOS system must authenticate peripherals before establishing a connection.

DISA Rule

SV-230828r599842_rule

Vulnerability Number

V-230828

Group Title

SRG-OS-000378-GPOS-00163

Rule Version

APPL-11-002069

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure that authentication is required to access all system-level preference panes, use the following procedure:

Copy the authorization database to a file using the following command:
/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt
Edit the file to change:
<key>shared</key>
<true/>
To read:
<key>shared</key>
<false/>

Reload the authorization database with the following command:
/usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt

Check Contents

To check that macOS is configured to require authentication to all system preference panes, use the following commands:

/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared

If what is returned does not include the following, this is a finding.
<key>shared</key>
<false/>
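
The fix and check above as a script, added here as an example and not part of the STIG text. The function names and the sample plist are constructed, and the edit step assumes the value element sits on the line after its key, as in the output shown above.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate and correct the "shared" key in the
# plist printed by `security authorizationdb read system.preferences`.

# Constructed sample input, trimmed to a few keys of the rule.
SAMPLE_PLIST='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>shared</key>
    <true/>
</dict>
</plist>'

# Print "true", "false" or "missing" for the element that follows <key>shared</key>.
shared_value() {
    v=$(tr -d ' \t\r\n' | sed -nE 's:.*<key>shared</key><(true|false)/>.*:\1:p')
    printf '%s\n' "${v:-missing}"
}

# Exit 0 when compliant; non-zero (a finding) when shared is true or absent.
check_shared() {
    [ "$(shared_value)" = "false" ]
}

# Rewrite only the <true/> on the line after <key>shared</key>; other booleans
# such as authenticate-user are left alone. Assumes key and value are on
# consecutive lines, as in the output shown on this page.
set_shared_false() {
    awk 'prev && /<true\/>/ { sub(/<true\/>/, "<false/>") }
         { prev = ($0 ~ /<key>shared<\/key>/); print }'
}

# Offline demonstration on the sample. On a Mac, pipe the page's read command
# into check_shared, and set_shared_false into the page's write command.
printf '%s\n' "$SAMPLE_PLIST" | check_shared || echo "finding: shared is not false"
printf '%s\n' "$SAMPLE_PLIST" | set_shared_false | check_shared && echo "compliant after edit"
```

Unlike a blanket replacement of `<true/>`, the edit leaves the other boolean keys in the rule unchanged, and a missing `shared` key is reported as a finding rather than passing silently.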

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5246

Comments