STIGQter STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The macOS system must enable System Integrity Protection.

DISA Rule

SV-230845r599842_rule

Vulnerability Number

V-230845

Group Title

SRG-OS-000051-GPOS-00024

Rule Version

APPL-11-005001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To re-enable "System Integrity Protection", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:

/usr/bin/csrutil enable

Check Contents

System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:

/usr/bin/csrutil status

If the result does not show the following, this is a finding.

System Integrity Protection status: enabled

Vulnerability Number

V-230845

Documentable

False

Rule Version

APPL-11-005001

Severity Override Guidance

System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:

/usr/bin/csrutil status

If the result does not show the following, this is a finding.

System Integrity Protection status: enabled

Check Content Reference

M

Target Key

5246

Comments