From 3669ed7dca66c019441dc8ae2d4a3219ea74ae24 Mon Sep 17 00:00:00 2001
From: Dan Brodjieski
Date: Wed, 9 Feb 2022 13:02:58 -0500
Subject: [PATCH] APPL-12-002070
---
 rules/os/os_anti_virus_installed.yaml | 12 ++++++------
 rules/os/os_config_data_install_enforce.yaml | 8 +++++---
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/rules/os/os_anti_virus_installed.yaml b/rules/os/os_anti_virus_installed.yaml
index 6e89266f..2e3b1b5a 100644
--- a/rules/os/os_anti_virus_installed.yaml
+++ b/rules/os/os_anti_virus_installed.yaml
@@ -1,14 +1,15 @@
 id: os_anti_virus_installed
 title: "Must Use an Approved Antivirus Program"
 discussion: |
- An approved antivirus product _MUST_ be installed and configured to run.
+ An approved antivirus product _MUST_ be installed and configured to run.
- Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.
+ Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operating system.'
 check: |
- Ask the System Administrator (SA) or Information System Security Officer (ISSO) if an approved antivirus solution is loaded on the system. The antivirus solution may be bundled with an approved host-based security solution.
- If there is no local antivirus solution installed on the system, this is a finding.
+ /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.mrt" => false'
+result:
+ integer: 1
 fix: |
- Install an approved antivirus solution onto the system.
+ /usr/bin/sudo /bin/launchctl enable system/com.apple.mrt
 references:
 cce:
 - CCE-90900-2
@@ -25,7 +26,6 @@ references:
 macOS:
 - "12.0"
 tags:
- - manual
 - stig
 severity: "high"
 mobileconfig: false
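Review bot: In the first hunk of rules/os/os_anti_virus_installed.yaml, the new `check:` only proves that the launchd override for `com.apple.mrt` reads as not disabled; it does not show that any antivirus product is installed or running, while `title` and `discussion` still promise an approved antivirus product. The grep also matches the literal `=> false` output format, so a system where the service has no override entry (if `print-disabled` lists only explicit overrides, which is worth confirming) or a release that prints the state differently would count 0 and be reported as a finding. I would state the scope in the discussion, e.g. `This rule verifies that the com.apple.mrt service is not disabled.`, and note the output-format dependency next to the check. The added discussion line also ends with a stray `'` after `operating system.` that should be removed.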
diff --git a/rules/os/os_config_data_install_enforce.yaml b/rules/os/os_config_data_install_enforce.yaml
index 87ac5632..c6312204 100644
--- a/rules/os/os_config_data_install_enforce.yaml
+++ b/rules/os/os_config_data_install_enforce.yaml
@@ -18,16 +18,16 @@ references:
 cce:
 - CCE-90913-5
 cci:
- - N/A
+ - CCI-000366
 800-53r5:
 - SI-3
 - SI-2(5)
 800-53r4:
 - N/A
 srg:
- - N/A
+ - SRG-OS-000480-GPOS-00227
 disa_stig:
- - N/A
+ - APPL-12-002070
 800-171r2:
 - N/A
 cisv8:
@@ -41,6 +41,8 @@ tags:
 - 800-53r5_moderate
 - 800-53r5_high
 - cisv8
+ - stig
+severity: "high"
 mobileconfig: true
 mobileconfig_info:
 com.apple.SoftwareUpdate: