mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
36 lines
1.1 KiB
YAML
36 lines
1.1 KiB
YAML
id: os_application_sandboxing
|
|
title: "Ensure Seperate Execution Domain for Processes"
|
|
discussion: |
|
|
The inherent configuration of the macOS _IS_ in compliance as Apple has implemented multiple features Mandatory access controls (MAC), System Integrity Protection (SIP), and application sandboxing.
|
|
|
|
link:https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/web[]
|
|
|
|
link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html[]
|
|
check: |
|
|
The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
|
|
fix: |
|
|
The technology inherently meets this requirement. No fix is required.
|
|
references:
|
|
cce:
|
|
- CCE-92760-8
|
|
800-53r5:
|
|
- SC-39
|
|
800-53r4:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
srg:
|
|
- N/A
|
|
macOS:
|
|
- "14.0"
|
|
tags:
|
|
- inherent
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
mobileconfig: false
|
|
mobileconfig_info:
|