The macOS system must authorize USB devices before allowing connection.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259572	APPL-14-005090	SV-259572r986236_rule		Medium

Description
USB devices connected to a Mac must be authorized. [IMPORTANT] ==== This feature is removed if a smart card is paired or smart card attribute mapping is configured. ====

STIG	Date
Apple macOS 14 (Sonoma) Security Technical Implementation Guide	2024-05-30

Details

Check Text ( C-63311r941336_chk )
Verify the macOS system is configured to authorize USB devices before allowing connection with the following command: /usr/bin/osascript -l JavaScript << EOS function run() { let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\ .objectForKey('allowUSBRestrictedMode')) if ( pref1 == false ) { return("false") } else { return("true") } } EOS If the result is not "true", this is a finding.

Check Text ( C-63311r941336_chk )

Verify the macOS system is configured to authorize USB devices before allowing connection with the following command:

/usr/bin/osascript -l JavaScript << EOS
function run() {
let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowUSBRestrictedMode'))
if ( pref1 == false ) {
return("false")
} else {
return("true")
}
}
EOS

If the result is not "true", this is a finding.

Fix Text (F-63219r941337_fix)
Configure the macOS system to authorize USB devices before allowing connection by installing the "com.apple.applicationaccess" configuration profile.