The macOS system must be integrated into a directory services infrastructure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-230755 | APPL-11-000016 | SV-230755r599842_rule | High |
| Description |
|---|
| Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords. |
| STIG | Date |
|---|---|
| Apple macOS 11 (Big Sur) Security Technical Implementation Guide | 2022-02-16 |
Details
| Check Text ( C-33700r607152_chk ) |
|---|
| If the system is using a mandatory Smart Card Policy, this is Not Applicable. To determine if the system is integrated to a directory service, run the following command: /usr/bin/dscl localhost -list . | /usr/bin/grep "Active Directory" If no results are returned, this is a finding. |
| Fix Text (F-33673r607153_fix) |
|---|
| Integrate the system into an existing directory services infrastructure. |