STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts.

DISA Rule

SV-230838r599842_rule

Vulnerability Number

V-230838

Group Title

SRG-OS-000107-GPOS-00054

Rule Version

APPL-11-003020

Severity

CAT I

CCI(s)

• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.
• CCI-000767 - The information system implements multifactor authentication for local access to privileged accounts.
• CCI-000768 - The information system implements multifactor authentication for local access to non-privileged accounts.

Weight

10

Fix Recommendation

This setting is enforced using the "Smart Card Policy" configuration profile.

Note: Before applying the "Smart Card Policy", the supplemental guidance provided with the STIG must be consulted to ensure continued access to the operating system.

Check Contents

To verify that the system is configured to enforce multi-factor authentication, run the following commands:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard

If the results do not show "enforceSmartCard=1", this is a finding.
.

Vulnerability Number

V-230838

Documentable

False

Rule Version

APPL-11-003020

Severity Override Guidance

To verify that the system is configured to enforce multi-factor authentication, run the following commands:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard

If the results do not show "enforceSmartCard=1", this is a finding.
.

Check Content Reference

M

Target Key

5246

Comments