The macOS system must disable the Touch ID feature.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-214865 | AOSX-13-000551 | SV-214865r609363_rule | Medium |
| Description |
|---|
| The Touch ID feature permits users to add additional fingerprints to unlock the host. These fingerprints may be for the user or anyone else. Because unauthorized users may gain access to the system, the use of Touch ID must be limited. |
| STIG | Date |
|---|---|
| Apple OS X 10.13 Security Technical Implementation Guide | 2021-11-19 |
Details
| Check Text ( C-16065r397167_chk ) |
|---|
| To view the setting for Touch ID configuration, run the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowFingerprintForUnlock If the output is null, not "allowFingerprintForUnlock = 0" this is a finding. |
| Fix Text (F-16063r397168_fix) |
|---|
| This setting is enforced using the "Restrictions" configuration profile. |