The macOS system must enable System Integrity Protection.
DISA Rule
SV-230845r599842_rule
Vulnerability Number
V-230845
Group Title
SRG-OS-000051-GPOS-00024
Rule Version
APPL-11-005001
Severity
CAT II
CCI(s)
- CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
- CCI-000154 - The information system provides the capability to centrally review and analyze audit records from multiple components within the system.
- CCI-000158 - The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
- CCI-001493 - The information system protects audit tools from unauthorized access.
- CCI-001494 - The information system protects audit tools from unauthorized modification.
- CCI-001495 - The information system protects audit tools from unauthorized deletion.
- CCI-001499 - The organization limits privileges to change software resident within software libraries.
- CCI-001875 - The information system provides an audit reduction capability that supports on-demand audit review and analysis.
- CCI-001876 - The information system provides an audit reduction capability that supports on-demand reporting requirements.
- CCI-001877 - The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.
- CCI-001878 - The information system provides a report generation capability that supports on-demand audit review and analysis.
- CCI-001879 - The information system provides a report generation capability that supports on-demand reporting requirements.
- CCI-001880 - The information system provides a report generation capability that supports after-the-fact investigations of security incidents.
- CCI-001881 - The information system provides an audit reduction capability that does not alter original content or time ordering of audit records.
- CCI-001882 - The information system provides a report generation capability that does not alter original content or time ordering of audit records.
Weight
10
Fix Recommendation
To re-enable "System Integrity Protection", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:
/usr/bin/csrutil enable
Check Contents
System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:
/usr/bin/csrutil status
If the result does not show the following, this is a finding.
System Integrity Protection status: enabled
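The check above, as a script that can run across a fleet (an added example, not part of the DISA rule text). It assumes the real output may end with a period and may list per-component settings after the status line; anything other than a plain "enabled" is treated as a finding. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate `csrutil status` output against APPL-11-005001.
# sip_check reads the status text on stdin, so it also works on output
# collected remotely. Returns 0 when compliant, 1 when it is a finding.
sip_check() {
    # Take the first status line, drop the label, then drop any trailing
    # period or whitespace so "enabled." and "enabled" compare equal.
    state=$(sed -n 's/^System Integrity Protection status:[[:space:]]*//p' \
        | head -n 1 \
        | sed 's/[.[:space:]]*$//')
    case "$state" in
        enabled) return 0 ;;   # exact match only
        *)       return 1 ;;   # disabled, custom configuration, or no output
    esac
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
    Filesystem Protections: disabled'

# Live check: runs only where csrutil exists (macOS).
if [ -x /usr/bin/csrutil ]; then
    if /usr/bin/csrutil status 2>/dev/null | sip_check; then
        echo "APPL-11-005001: not a finding"
    else
        echo "APPL-11-005001: FINDING (re-enable SIP from Recovery mode)"
    fi
fi
```

An empty result (for example, the command failed or was blocked) is reported as a finding rather than silently passing.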
Documentable
False
Check Content Reference
M
Target Key
5246