mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
56 lines
1.1 KiB
YAML
56 lines
1.1 KiB
YAML
id: os_software_update_deferral
|
|
title: Ensure Software Update Deferment Is Less Than or Equal to $ODV Days
|
|
discussion: |
|
|
Software updates _MUST_ be deferred for $ODV days or less.
|
|
|
|
If you need to defer software updates, create a Restrictions profile using the com.apple.applicationaccess domain and the key enforcedSoftwareUpdateDelay.
|
|
check: |
|
|
/usr/bin/osascript -l JavaScript << EOS
|
|
function run() {
|
|
let timeout = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
|
|
.objectForKey('enforcedSoftwareUpdateDelay')) || 0
|
|
if ( timeout <= $ODV ) {
|
|
return("true")
|
|
} else {
|
|
return("false")
|
|
}
|
|
}
|
|
EOS
|
|
result:
|
|
string: 'true'
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- CCE-95303-4
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- N/A
|
|
800-53r4:
|
|
- N/A
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r3:
|
|
- N/A
|
|
cis:
|
|
benchmark:
|
|
- 1.6 (level 1)
|
|
controls v8:
|
|
- 7.3
|
|
- 7.4
|
|
macOS:
|
|
- '26.0'
|
|
odv:
|
|
hint: Number of days.
|
|
recommended: 30
|
|
cis_lvl1: 30
|
|
cis_lvl2: 30
|
|
tags:
|
|
- cis_lvl1
|
|
- cis_lvl2
|
|
mobileconfig: false
|
|
mobileconfig_info:
|