Application Restrictions must be enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51603 | OSX8-00-00460 | SV-65813r1_rule | Medium |
| Description |
|---|
| Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions) and will reduce the attack surface of the operating system. End-users should be restricted to running only approved applications. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53925r1_chk ) |
|---|
| To check if there is a configuration policy defined for Application Restrictions, run the following command: sudo profiles -Pv | grep "Application Restrictions" If nothing is returned, this is a finding. |
| Fix Text (F-56405r1_fix) |
|---|
| A configuration profile should exist to restrict launching of applications. |