Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58459 | AOSX-09-001240 | SV-72889r1_rule | | Medium |
Description |
---|
Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled. |
STIG | Date |
---|---|
Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2015-02-26 |
Check Text (C-59301r1_chk) |
---|
Run the following command to check if IPv6 is enabled on any network interfaces: `sudo networksetup -listallnetworkservices | (while read dev; do echo "$dev"; networksetup -getinfo "$dev" | grep IPv6:; echo ; done)` If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding. |
Fix Text (F-63789r1_fix) |
---|
Run the following command to turn off IPv6 addressing for the Ethernet interface: `sudo networksetup -setv6off 'Ethernet'` Repeat this command for each enabled interface. Interface names are case sensitive. |
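
An added example (not part of the STIG text) that turns the Check Text output into a list of findings: it reads what the check command prints and reports each enabled service whose IPv6 setting is not `Off`. The function names `ipv6_findings` and `sample_output` are hypothetical and the sample input is constructed; services marked with an asterisk are skipped because they are disabled.

```shell
#!/bin/sh
# Added example: flag network services whose IPv6 setting is not "Off".
# On a Mac, pipe the Check Text command into it:
#   <check command from Check Text> | ipv6_findings
# Expected input per service: a name line, an optional "IPv6: <state>"
# line, then a blank line. Output: "<service><TAB><state>" per finding.

ipv6_findings() {
    awk '
        function emit() {
            # A named, enabled service with any state other than Off is a finding.
            if (svc != "" && state != "Off")
                printf "%s\t%s\n", svc, (state == "" ? "not reported" : state)
            svc = ""; state = ""
        }
        /^An asterisk/ { next }                 # header from -listallnetworkservices
        /^[ \t]*$/     { emit(); next }         # blank line closes a record
        /^IPv6:/       { sub(/^IPv6:[ \t]*/, ""); state = $0; next }
        /^\*/          { emit(); next }         # disabled service, outside the check
                       { if (svc != "") emit(); svc = $0 }
        END            { emit() }
    '
}

# Constructed sample in the format the check command prints.
sample_output() {
    cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.

Ethernet
IPv6: Off

Wi-Fi
IPv6: Automatic

*Bluetooth PAN

Thunderbolt Bridge

EOF
}

# Demo on the constructed sample: Wi-Fi and Thunderbolt Bridge are reported.
sample_output | ipv6_findings
```

Each reported service still needs the judgement the check calls for: it is a finding only if that interface does not require IPv6.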