STIGQter STIGQter: STIG Summary: Apple OS X 10.15 (Catalina) Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 23 Apr 2021:

The macOS system must be configured with a firmware password to prevent access to single user mode and booting from alternative media.

DISA Rule

SV-225211r610901_rule

Vulnerability Number

V-225211

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AOSX-15-003013

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To set a firmware passcode use the following command.

sudo /usr/sbin/firmwarepasswd -setpasswd

Note: If firmware password or passcode is forgotten, the only way to reset the forgotten password is through the use of a machine specific binary generated and provided by Apple. Schedule a support call, and provide proof of purchase before the firmware binary will be generated.

Check Contents

To ensure that a firmware password is set, run the following command:

# sudo /usr/sbin/firmwarepasswd -check

If the return is not, "Password Enabled: Yes", this is a finding

Vulnerability Number

V-225211

Documentable

False

Rule Version

AOSX-15-003013

Severity Override Guidance

To ensure that a firmware password is set, run the following command:

# sudo /usr/sbin/firmwarepasswd -check

If the return is not, "Password Enabled: Yes", this is a finding

Check Content Reference

M

Target Key

4212

Comments