The macOS system must be configured to use an authorized time server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259450 | APPL-14-000170 | SV-259450r940972_rule | Medium |
| Description |
|---|
| Approved time servers must be the only servers configured for use. This rule ensures the uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. An authoritative time server is synchronized with redundant United States Naval Observatory (USNO) time servers as designated for the appropriate DOD network. Satisfies: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144 |
| STIG | Date |
|---|---|
| Apple macOS 14 (Sonoma) Security Technical Implementation Guide | 2024-01-10 |
Details
| Check Text ( C-63189r940970_chk ) |
|---|
| Verify the macOS system is configured to use an authorized time server with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\ .objectForKey('timeServer').js EOS If the result is not an authoritative time server which is synchronized with redundant United States Naval Observatory (USNO) time servers as designated for the appropriate DoD network, this is a finding. |
| Fix Text (F-63097r940971_fix) |
|---|
| Configure the macOS system to use an authorized time server by installing the "com.apple.MCX" configuration profile. |