STIGQter STIGQter: STIG Summary: Apple OS X 10.13 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020: The macOS system must be configured to disable the Network File System (NFS) stat daemon unless it is required.

DISA Rule

SV-96229r1_rule

Vulnerability Number

V-81515

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

AOSX-13-000143

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To disable the NFS stat daemon, run the following command:

/usr/bin/sudo /bin/launchctl disable system/com.apple.statd.notify

The system may need to be restarted for the update to take effect.

Check Contents

If the NFS stat daemon is required, this is not applicable.

To check if the NFS stat daemon is disabled, use the following command:

/usr/bin/sudo /bin/launchctl print-disabled system | /usr/bin/grep com.apple.statd.notify

If the results do not show the following, this is a finding:

"com.apple.statd.notify" => true

Vulnerability Number

V-81515

Documentable

False

Rule Version

AOSX-13-000143

Severity Override Guidance

If the NFS stat daemon is required, this is not applicable.

To check if the NFS stat daemon is disabled, use the following command:

/usr/bin/sudo /bin/launchctl print-disabled system | /usr/bin/grep com.apple.statd.notify

If the results do not show the following, this is a finding:

"com.apple.statd.notify" => true

Check Content Reference

M

Target Key

3329

Comments