STIGQter STIGQter: STIG Summary: Apple OS X 10.15 (Catalina) Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 23 Apr 2021:

The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.

DISA Rule

SV-225157r610901_rule

Vulnerability Number

V-225157

Group Title

SRG-OS-000376-GPOS-00161

Rule Version

AOSX-15-001060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This setting is enforced using the "Smart Card Policy" configuration profile.

Note: Before applying the "Smart Card Policy", the supplemental guidance provided with the STIG should be consulted to ensure continued access to the operating system.

Check Contents

To verify that certificate checks are occurring, run the following command.

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep checkCertificateTrust

If the output is null or the value returned, "checkCertificateTrust = 1", is not equal to (1) or greater, this is a finding.

Vulnerability Number

V-225157

Documentable

False

Rule Version

AOSX-15-001060

Severity Override Guidance

To verify that certificate checks are occurring, run the following command.

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep checkCertificateTrust

If the output is null or the value returned, "checkCertificateTrust = 1", is not equal to (1) or greater, this is a finding.

Check Content Reference

M

Target Key

4212

Comments