UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The macOS system must enable System Integrity Protection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214834 AOSX-13-000240 SV-214834r609363_rule Medium
Description
The System Integrity Protection is vital to prevent unauthorized and unintended information transfer via shared system resources, protect audit tools from unauthorized access, modification, and deletion, limit privileges to change software resident within software libraries, limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders. SIP also ensures the presence of an audit record generation capability for DoD-defined auditable events for all operating system components, supports on-demand and after-the-fact reporting requirements, does not alter original content or time ordering of audit records. Satisfies: SRG-OS-000051-GPOS-00024, SRG-OS-000054-GPOS-00025, SRG-OS-000062-GPOS-00031, SRG-OS-000122-GPOS-00063, SRG-OS-000138-GPOS-00069, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099, SRG-OS-000259-GPOS-00100, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230
STIG Date
Apple OS X 10.13 Security Technical Implementation Guide 2021-11-19

Details

Check Text ( C-16034r397074_chk )
System Integrity Protection is a security feature, enabled by default, that protects certain system processes and files from being modified or tampered with. Check the current status of "System Integrity Protection" with the following command:

/usr/bin/csrutil status

If the result does not show the following, this is a finding.

System Integrity Protection status: enabled
Fix Text (F-16032r397075_fix)
To reenable "System Integrity Protection", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:

/usr/bin/csrutil enable