Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-209535 | AOSX-14-000016 | SV-209535r610285_rule | High |
Description |
---|
Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords. |
STIG | Date |
---|---|
Apple OS X 10.14 (Mojave) Security Technical Implementation Guide | 2020-12-11 |
Check Text ( C-9786r282087_chk ) |
---|
If the system is using a mandatory Smart Card Policy, this is Not Applicable. To determine if the system is integrated to a directory service, ask the System Administrator (SA) or Information System Security Officer (ISSO) or run the following command: /usr/bin/sudo dscl localhost -list . | /usr/bin/grep -vE '(Contact | Search | Local)' If nothing is returned, or if the system is not integrated into a directory service infrastructure, this is a finding. |
Fix Text (F-9786r282088_fix) |
---|
Integrate the system into an existing directory services infrastructure. |