STIGQter: STIG Summary: Apple OS X 10.14 (Mojave) Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The macOS system must authenticate peripherals before establishing a connection.

DISA Rule

SV-234699r615888_rule

Vulnerability Number

V-234699

Group Title

SRG-OS-000378-GPOS-00163

Rule Version

AOSX-14-002069

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure that authentication is required to access all system-level preference panes, use the following procedure:

Copy the authorization database to a file using the following command:
/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt

Edit the file to change:
<key>shared</key>
<true/>

To read:
<key>shared</key>
<false/>

Reload the authorization database with the following command:
/usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt

Check Contents

To check that macOS is configured to require authentication to all system preference panes, use the following command:

/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared

If what is returned does not include the following, this is a finding.
<key>shared</key>
<false/>
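
Added example (not part of the STIG text): the check and the fix above, done by parsing the rule as a property list instead of matching text with grep and editing the file by hand. SAMPLE_RULE is a constructed, abridged stand-in for the output of the read command, and the function names are hypothetical.

```python
import plistlib
import sys

# Constructed, abridged sample of a system.preferences rule as printed by
# `security authorizationdb read system.preferences`. Not taken from a real host.
SAMPLE_RULE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>class</key>
	<string>user</string>
	<key>group</key>
	<string>admin</string>
	<key>shared</key>
	<true/>
	<key>timeout</key>
	<integer>2147483647</integer>
</dict>
</plist>
"""


def is_finding(rule_xml: bytes) -> bool:
    """Return True when the rule is a finding: 'shared' is absent or not false."""
    rule = plistlib.loads(rule_xml)
    # Only an explicit boolean false passes; a missing key is also a finding.
    return rule.get("shared") is not False


def remediate(rule_xml: bytes) -> bytes:
    """Return the rule with 'shared' set to false and every other key unchanged."""
    rule = plistlib.loads(rule_xml)
    rule["shared"] = False
    return plistlib.dumps(rule, fmt=plistlib.FMT_XML, sort_keys=False)


if __name__ == "__main__":
    # On macOS, pipe the real rule in; with nothing piped, the sample is used.
    piped = b"" if sys.stdin.isatty() else sys.stdin.buffer.read()
    data = piped or SAMPLE_RULE
    print("finding" if is_finding(data) else "not a finding")
```

The bytes returned by remediate() are what would be written to the file that the Fix Recommendation reloads with the authorizationdb write command.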

Documentable

False

Severity Override Guidance

To check that macOS is configured to require authentication to all system preference panes, use the following command:

/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences | grep -A1 shared

If what is returned does not include the following, this is a finding.
<key>shared</key>
<false/>

Check Content Reference

M

Target Key

2930

Comments