UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system firewall must be configured with a default-deny policy.


Overview

Finding ID Version Rule ID IA Controls Severity
V-67541 AOSX-11-000155 SV-82031r1_rule Medium
Description
An approved firewall must be installed and enabled to work in concert with the OS X Application Firewall. When configured correctly, firewalls protect computers from network attacks by blocking or limiting access to open network ports.
STIG Date
Apple OS X 10.11 Security Technical Implementation Guide 2017-07-11

Details

Check Text ( C-68107r1_chk )
The system firewall must be configured with a "default-deny" policy. Ask the SA or ISSO if an approved firewall is loaded on the system. The recommended system is the McAfee HBSS.

If there is no firewall installed on the system, this is a finding.

If there is a firewall installed and it is not configured with a "default-deny" policy, this is a finding.
Fix Text (F-73655r1_fix)
Install an approved HBSS or firewall solution onto the system and configure it with a "default-deny" policy.