STIGQter STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: The macOS system must uniquely identify peripherals before establishing a connection.

DISA Rule

SV-104725r1_rule

Vulnerability Number

V-95541

Group Title

SRG-OS-000114-GPOS-00059

Rule Version

AOSX-14-002069

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure that authentication is required to access all system level preference panes use the following procedure:

Copy the authorization database to a file using the following command:
/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt
edit the file to change:
<key>shared</key>
<true/>
To read:
<key>shared</key>
<false/>

Reload the authorization database with the following command:
/usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt

Check Contents

To check that macOS is configured to require authentication to all system preference panes, use the following commands:

/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared

If what is returned does not include the following, this is a finding.
<key>shared</key>
<false/>

Vulnerability Number

V-95541

Documentable

False

Rule Version

AOSX-14-002069

Severity Override Guidance

To check that macOS is configured to require authentication to all system preference panes, use the following commands:

/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared

If what is returned does not include the following, this is a finding.
<key>shared</key>
<false/>

Check Content Reference

M

Target Key

3429

Comments