The macOS system must map the authenticated identity to the user or group account for PKI-based authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-209615 | AOSX-14-003005 | SV-209615r610285_rule | Medium |
| Description |
|---|
| Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis. |
| STIG | Date |
|---|---|
| Apple OS X 10.14 (Mojave) Security Technical Implementation Guide | 2021-11-19 |
Details
| Check Text ( C-9866r466270_chk ) |
|---|
| To view the setting for the smartcard certification configuration, run the following command: sudo /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard If the return is not "enforceSmartCard = 1;" this is a finding. |
| Fix Text (F-9866r466271_fix) |
|---|
| For stand-alone systems, this setting is enforced using the "Smart Card Policy" configuration profile. Note: Before applying the "Smart Card Policy", the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system. |