mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-09 16:22:18 +00:00
51 lines
1.7 KiB
YAML
51 lines
1.7 KiB
YAML
id: os_separate_functionality
|
|
title: Configure the System to Separate User and System Functionality
|
|
discussion: |-
|
|
The information system _IS_ configured to separate user and system functionality.
|
|
|
|
Operating system management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged users to access operating system management functionality capabilities increases the risk that non-privileged users may obtain elevated privileges. Operating system management functionality includes functions necessary to administer console, network components, workstations, or servers and typically requires privileged user access.
|
|
|
|
The inherent configuration of the macOS allows only privileged users to access operating system management functionalities.
|
|
|
|
link:https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html[]
|
|
|
|
NOTE: The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
|
|
references:
|
|
nist:
|
|
cce:
|
|
macos_15:
|
|
- CCE-94291-2
|
|
macos_14:
|
|
- CCE-92886-1
|
|
macos_13:
|
|
- CCE-91876-3
|
|
800-53r5:
|
|
- SC-2
|
|
- MA-4(1)
|
|
800-171r3:
|
|
- 03.01.03
|
|
- 03.01.05
|
|
- 03.01.07
|
|
disa:
|
|
srg:
|
|
- SRG-OS-000132-GPOS-00067
|
|
cmmc:
|
|
- SC.L2-3.13.3
|
|
platforms:
|
|
macOS:
|
|
'15.0': {}
|
|
'14.0': {}
|
|
'13.0': {}
|
|
enforcement_info:
|
|
fix:
|
|
additional_info: The technology inherently meets this requirement. No fix is required.
|
|
tags:
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-171
|
|
- inherent
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- cnssi-1253_moderate
|