STIGQter STIGQter: STIG Summary: Apple OS X 10.13 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020: The macOS system must allow only applications downloaded from the App Store or properly signed to run.

DISA Rule

SV-96361r2_rule

Vulnerability Number

V-81647

Group Title

SRG-OS-000366-GPOS-00153

Rule Version

AOSX-13-000710

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This setting is enforced using the "Security and Privacy Policy" configuration profile.

Check Contents

To verify only applications downloaded from the App Store are allowed to run, type the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -E '(EnableAssessment | AllowIdentifiedDevelopers)’

If the return is null, or is not:
AllowIdentifiedDevelopers = 1;
EnableAssessment = 1;
This is a finding.

Vulnerability Number

V-81647

Documentable

False

Rule Version

AOSX-13-000710

Severity Override Guidance

To verify only applications downloaded from the App Store are allowed to run, type the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep -E '(EnableAssessment | AllowIdentifiedDevelopers)’

If the return is null, or is not:
AllowIdentifiedDevelopers = 1;
EnableAssessment = 1;
This is a finding.

Check Content Reference

M

Target Key

3329

Comments