mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
73 lines
1.6 KiB
YAML
73 lines
1.6 KiB
YAML
id: system_settings_time_server_configure
|
|
title: Configure macOS to Use an Authorized Time Server
|
|
discussion: |
|
|
Approved time server _MUST_ be the only server configured for use. As of macOS 10.13 only one time server is supported.
|
|
|
|
This rule ensures the uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
|
|
check: |
|
|
/usr/bin/osascript -l JavaScript << EOS
|
|
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\
|
|
.objectForKey('timeServer').js
|
|
EOS
|
|
result:
|
|
string: $ODV
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- CCE-94404-1
|
|
cci:
|
|
- CCI-001891
|
|
- CCI-002046
|
|
- CCI-004923
|
|
- CCI-004923
|
|
- CCI-004926
|
|
- CCI-004926
|
|
800-53r5:
|
|
- AU-12(1)
|
|
- SC-45(1)
|
|
800-53r4:
|
|
- AU-8(1)
|
|
srg:
|
|
- SRG-OS-000355-GPOS-00143
|
|
- SRG-OS-000356-GPOS-00144
|
|
disa_stig:
|
|
- APPL-15-000170
|
|
800-171r3:
|
|
- 03.03.07
|
|
cis:
|
|
benchmark:
|
|
- 2.3.2.1 (level 1)
|
|
controls v8:
|
|
- 8.4
|
|
cmmc:
|
|
- AU.L2-3.3.7
|
|
macOS:
|
|
- '15.0'
|
|
odv:
|
|
hint: Name of timeserver. As of macOS 10.13 only one time server is supported.
|
|
recommended: time.nist.gov
|
|
cis_lvl1: time.apple.com
|
|
cis_lvl2: time.apple.com
|
|
stig: time.nist.gov
|
|
tags:
|
|
- 800-171
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- cis_lvl1
|
|
- cis_lvl2
|
|
- cisv8
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
- cmmc_lvl2
|
|
- stig
|
|
- cnssi-1253_moderate
|
|
severity: medium
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.MCX:
|
|
timeServer: $ODV
|