The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.
DISA Rule
SV-230830r599842_rule
Vulnerability Number
V-230830
Group Title
SRG-OS-000066-GPOS-00034
Rule Version
APPL-11-003001
Severity
CAT I
CCI(s)
- CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
- CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Weight
10
Fix Recommendation
Obtain the approved DOD certificates from the appropriate authority. Use Keychain Access from "/Applications/Utilities" to add certificates to the System Keychain.
Check Contents
To view a list of installed certificates, run the following command:
/usr/bin/sudo /usr/bin/security dump-keychain | /usr/bin/grep labl | awk -F\" '{ print $4 }'
If this list contains unapproved certificates, this is a finding.
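The check above leaves the comparison against the approved list to the reviewer. The script below is an added example, not part of the STIG text, that performs the comparison. The approved-list file (one certificate label per line, "#" for comments) and the function names are assumptions, and the sample keychain dump is constructed.

```shell
#!/bin/sh
# Added example, not part of the STIG. Assumed: an approved-list file with one
# certificate label per line ('#' starts a comment); function names are
# hypothetical.

# Print each non-empty "labl" value from `security dump-keychain` output on
# stdin, one per line, de-duplicated (the same field the STIG's awk extracts).
extract_labels() {
    awk -F'"' '/"labl"<blob>=/ && $4 != "" { print $4 }' | sort -u
}

# unapproved_labels APPROVED_FILE
# Reads dump-keychain output on stdin and prints labels missing from the list.
# Returns 1 if any were printed (a finding), 0 otherwise. A missing or empty
# list flags every label, so the check fails closed.
unapproved_labels() {
    extract_labels | awk -v list="$1" '
        BEGIN {
            while ((getline line < list) > 0)
                if (line != "" && line !~ /^#/) ok[line] = 1
        }
        !($0 in ok) { print; bad = 1 }
        END { exit bad }'
}

# Constructed sample of dump-keychain output (not from a real system).
sample_dump() {
    cat <<'EOF'
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Example Approved Root CA"
    "labl"<blob>="Example Approved Root CA"
class: 0x80001000
attributes:
    "labl"<blob>="Unknown Test CA"
class: 0x80001000
attributes:
    "labl"<blob>=<NULL>
EOF
}

# On a Mac: sh check_certs.sh /path/to/approved.txt
if [ -n "${1:-}" ] && [ -x /usr/bin/security ]; then
    /usr/bin/sudo /usr/bin/security dump-keychain | unapproved_labels "$1"
fi
```

Labels are matched exactly and case-sensitively, so the approved list must carry each label as the keychain reports it.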
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
5246