APPL-12-002070

rules/os/os_anti_virus_installed.yaml

@@ -1,14 +1,15 @@
 id: os_anti_virus_installed
 title: "Must Use an Approved Antivirus Program"
 discussion: |
-  An approved antivirus product _MUST_ be installed and configured to run. 
+  An approved antivirus product _MUST_ be installed and configured to run.
 
-  Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.
+  Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.'
 check: |
-  Ask the System Administrator (SA) or Information System Security Officer (ISSO) if an approved antivirus solution is loaded on the system. The antivirus solution may be bundled with an approved host-based security solution. 
-  If there is no local antivirus solution installed on the system, this is a finding.
+  /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.mrt" => false'
+result:
+  integer: 1
 fix: |
-  Install an approved antivirus solution onto the system.
+  /usr/bin/sudo /bin/launchctl enable system/com.apple.mrt
 references:
   cce:
     - CCE-90900-2
@@ -25,7 +26,6 @@ references:
 macOS:
   - "12.0"
 tags:
-  - manual
   - stig
 severity: "high"
 mobileconfig: false

rules/os/os_config_data_install_enforce.yaml

@@ -18,16 +18,16 @@ references:
   cce:
     - CCE-90913-5
   cci: 
-    - N/A
+    - CCI-000366
   800-53r5:
     - SI-3
     - SI-2(5)
   800-53r4:
     - N/A
   srg:
-    - N/A
+    - SRG-OS-000480-GPOS-00227
   disa_stig:
-    - N/A
+    - APPL-12-002070
   800-171r2:
     - N/A
   cisv8:
@@ -41,6 +41,8 @@ tags:
   - 800-53r5_moderate
   - 800-53r5_high
   - cisv8
+  - stig
+severity: "high"
 mobileconfig: true
 mobileconfig_info:
   com.apple.SoftwareUpdate: