Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The macOS system must restrict the ability of individuals to write to external optical media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252539 | APPL-12-005053 | SV-252539r816431_rule | Low |
| Description |
|---|
| External writeable media devices must be disabled for users. External optical media devices can be used to exfiltrate sensitive data if an approved data-loss prevention (DLP) solution is not installed. |
| STIG | Date |
|---|---|
| Apple macOS 12 (Monterey) Security Technical Implementation Guide | 2023-02-13 |
Details
| Check Text ( C-55995r816429_chk ) |
|---|
| Verify the system is configured to disable writing to external optical media devices: $ /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep 'BurnSupport' BurnSupport = off; If the command does not return a line, this is a finding. If 'BurnSupport' is set to a value other than 'off' and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding. |
| Fix Text (F-55945r816430_fix) |
|---|
| This setting is enforced using the "Restrictions Policy" configuration profile. |