mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
27 lines
1.2 KiB
YAML
27 lines
1.2 KiB
YAML
id: os_prevent_priv_execution
|
|
title: "Prevent all software from executing at higher privilege levels than users executing the software"
|
|
discussion: |
|
|
In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations.Some programs and processes are required to operate at a higher privilege level and therefore should be excluded from the organization-defined software list after review.
|
|
check: |
|
|
The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
|
|
fix: |
|
|
The technology inherently meets this requirement. No fix is required.
|
|
references:
|
|
cce:
|
|
- CCE-84862-2
|
|
cci:
|
|
- CCI-002233
|
|
800-53r4:
|
|
- AC-6(8)
|
|
disa_stig:
|
|
- AOSX-15-100028
|
|
srg:
|
|
- SRG-OS-000326-GPOS-00126
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- STIG
|
|
- inherent
|
|
mobileconfig: false
|
|
mobileconfig_info:
|