Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-53857 | OSX8-00-00845 | SV-68075r1_rule | | Medium |
Description |
---|
Malicious code is known to propagate via removable media such as floppy disks, USB or flash drives, and removable hard drives. To prevent propagation and potential infection due to malware contained on removable media, the operating system must be able to restrict and/or limit the use of removable media. |
STIG | Date |
---|---|
Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Check Text (C-54701r1_chk) |
---|
This command checks for the presence of the FireWire protocol kext (driver). This is the primary driver for FireWire communication and, if removed, will disable the ability to communicate with FireWire devices. If this command returns any value other than "No such file or directory", this is a finding. |
ls -ld /System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext |
To check whether a configuration profile is configured to disallow external removable media, run the following command: |
system_profiler SPConfigurationProfileDataType | grep -A 3 "harddisk-external" | sed 's/ //g' | tr "\n" " " | awk '{ print $2 $3 }' |
If the result is not "eject,alert", this is a finding. |
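
Both checks above combined into one audit script, as an added example that is not part of the STIG text. The function names are hypothetical, and each check takes its input as an argument or on stdin so it can be exercised against constructed data as well as a live system.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical.
# The kext path and the expected "eject,alert" value come from the Check Text.
KEXT=/System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext

# Check 1: returns 0 (finding) if the FireWire kext path exists.
# -L also catches a dangling symlink left at the path.
firewire_kext_finding() {
    [ -e "$1" ] || [ -L "$1" ]
}

# Check 2: reads system_profiler output on stdin and applies the
# Check Text pipeline; prints the media actions found for harddisk-external.
external_disk_policy() {
    grep -A 3 "harddisk-external" | sed 's/ //g' | tr "\n" " " | awk '{ print $2 $3 }'
}

# Returns 0 (finding) unless the profile yields exactly "eject,alert".
# A missing profile produces empty output and is therefore a finding.
external_disk_finding() {
    [ "$(external_disk_policy)" != "eject,alert" ]
}

# $1 = kext path, stdin = profile text. Returns 1 if either check is a finding.
audit_v53857() {
    rc=0
    if firewire_kext_finding "$1"; then
        echo "FINDING: FireWire kext present: $1"
        rc=1
    fi
    if external_disk_finding; then
        echo "FINDING: no profile sets harddisk-external to eject,alert"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "V-53857: not a finding"
    return "$rc"
}

# Run against the live system only where system_profiler exists (OS X).
if command -v system_profiler >/dev/null 2>&1; then
    system_profiler SPConfigurationProfileDataType | audit_v53857 "$KEXT" || exit 1
fi
```
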
Fix Text (F-58689r1_fix) |
---|
To remove the driver for FireWire, run the following command: |
sudo rm -Rf /System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext |
This should be enforced by a configuration profile. |