The macOS system must obtain updates from a DoD-approved update server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-214866	AOSX-13-000552	SV-214866r609363_rule		Medium

Description
Software update configuration. Point to DOD approved update server. Configure for automatic install of critical updates.

STIG	Date
Apple OS X 10.13 Security Technical Implementation Guide	2021-11-19

Details

Check Text ( C-16066r397170_chk )
To check if the CatalogURL is configured, run the following command: defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL 2017-11-30 22:21:41.805 defaults[1205:9595] The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate.plist, CatalogURL) does not exist. If the output is not an error indicating the item "does not exist" or the output is not a DoD-approved update server, this is a finding. Note: Updates are required to be applied with a frequency determined by the site or Program Management Office (PMO).

Check Text ( C-16066r397170_chk )

To check if the CatalogURL is configured, run the following command:

defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL

2017-11-30 22:21:41.805 defaults[1205:9595]

The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate.plist, CatalogURL) does not exist.

If the output is not an error indicating the item "does not exist" or the output is not a DoD-approved update server, this is a finding.

Note: Updates are required to be applied with a frequency determined by the site or Program Management Office (PMO).

Fix Text (F-16064r397171_fix)
To remove the Apple software list from the system configuration run the following command: sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL