usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

CMMC Baselines (SSH set to both Disable and Enable) #40

New Issue
Closed
opened 2026-01-19 18:29:01 +00:00 by michael · 1 comment
michael commented 2026-01-19 18:29:01 +00:00
Owner
Copy Link

Originally created by @reuven-cohen on GitHub.

Summary

The CMMC lvl1 and lvl2 Baseline are set to both Disable and Enable SSH Server for Remote Access Sessions.
Shouldn't this just be one or the other?

  - system_settings_ssh_disable
  - system_settings_ssh_enable

Steps to reproduce

Appears to exist on all CMMC baselines in all branches

Operating System version

(macOS Version and build)

Intel or Apple Silicon

(Intel based process or Apple Silicon Mac)

What is the current bug behavior?

(What actually happens)

What is the expected correct behavior?

Remove the entry for system_settings_ssh_enable ?

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.)

Output of checks

(Paste any output that occurs with the bug)

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Originally created by @reuven-cohen on GitHub. <!--- Please read this! Before opening a new issue, make sure to search for keywords in the issues filtered by the "regression" or "bug" label and verify the issue you're about to submit isn't a duplicate. ---> ### Summary The CMMC lvl1 and lvl2 Baseline are set to both Disable and Enable SSH Server for Remote Access Sessions. Shouldn't this just be one or the other? - system_settings_ssh_disable - system_settings_ssh_enable ### Steps to reproduce Appears to exist on all CMMC baselines in all branches ### Operating System version (macOS Version and build) ### Intel or Apple Silicon (Intel based process or Apple Silicon Mac) ### What is the current *bug* behavior? (What actually happens) ### What is the expected *correct* behavior? Remove the entry for system_settings_ssh_enable ? ### Relevant logs and/or screenshots (Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.) ### Output of checks (Paste any output that occurs with the bug) ### Possible fixes (If you can, link to the line of code that might be responsible for the problem)
michael commented 2026-01-19 18:29:01 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

CMMC is a baseline based off of NIST 800-171. Much like 171 or 800-53 your organization must make the risk based approach what to apply.

CIS and the DISA STIG are benchmarks with prescribed set of settings and values for them.

For example you will not find in the CMMC document any mention of what value to set your screen saver time out to, but in the DISA STIG you will.

@robertgendler commented on GitHub: CMMC is a baseline based off of NIST 800-171. Much like 171 or 800-53 your organization must make the risk based approach what to apply. CIS and the DISA STIG are benchmarks with prescribed set of settings and values for them. For example you will not find in the CMMC document any mention of what value to set your screen saver time out to, but in the DISA STIG you will.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#40
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?