Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-234700 | AOSX-15-002069 | SV-234700r615899_rule | Medium |
Description |
---|
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers. |
STIG | Date |
---|---|
Apple OS X 10.15 (Catalina) Security Technical Implementation Guide | 2021-11-19 |
Check Text ( C-37884r621681_chk ) |
---|
To check that macOS is configured to require authentication to all system preference panes, use the following commands: /usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared If what is returned does not include the following, this is a finding. |
Fix Text (F-26889r485788_fix) |
---|
To ensure that authentication is required to access all system level preference panes use the following procedure: Copy the authorization database to a file using the following command: /usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt Edit the file to change: To read: Reload the authorization database with the following command: /usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt |