Automatic actions must be disabled for blank CDs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58273 | AOSX-09-000085 | SV-72703r1_rule | Medium |
| Description |
|---|
| Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti-virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank CDs mitigates this risk. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59097r1_chk ) |
|---|
| To check if the system has the correct setting for blank CDs in the configuration profile, run the following command: system_profiler SPConfigurationProfileDataType | grep -A 2 'com.apple.digihub.blank.cd.appeared' If this is not defined or 'action' is not set to '1', this is a finding. |
| Fix Text (F-63587r1_fix) |
|---|
| This setting is enforced using a configuration profile. |