UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The macOS system must enable certificate for smartcards.


Overview

Finding ID Version Rule ID IA Controls Severity
V-209614 AOSX-14-003002 SV-209614r507076_rule Medium
Description
To prevent untrusted certificates the certificates on a smartcard card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its "valid-after" date is in the past, and it passes CRL and OCSP checking.
STIG Date
Apple OS X 10.14 (Mojave) Security Technical Implementation Guide 2020-09-11

Details

Check Text ( C-9865r282324_chk )
To view the setting for the smartcard certification configuration, run the following command:

sudo /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep checkCertificateTrust

If the return is not "checkCertificateTrust = 1;" with the numeral equal to 1 or greater, this is a finding.
Fix Text (F-9865r282325_fix)
This setting is enforced using the "Smart Card Policy" configuration profile.

Note: Before applying the "Smart Card Policy", the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system.