UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The macOS system must disable the Touch ID feature.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214865 AOSX-13-000551 SV-214865r507075_rule Medium
Description
The Touch ID feature permits users to add additional fingerprints to unlock the host. These fingerprints may be for the user or anyone else. Because unauthorized users may gain access to the system, the use of Touch ID must be limited.
STIG Date
Apple OS X 10.13 Security Technical Implementation Guide 2020-09-11

Details

Check Text ( C-16065r397167_chk )
To view the setting for Touch ID configuration, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowFingerprintForUnlock

If the output is null, not "allowFingerprintForUnlock = 0" this is a finding.
Fix Text (F-16063r397168_fix)
This setting is enforced using the "Restrictions" configuration profile.