mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
34 lines
1.6 KiB
YAML
34 lines
1.6 KiB
YAML
id: os_notify_account_removal
|
|
title: "Configure the System to Notify upon Account Removed Actions"
|
|
discussion: |
|
|
The macOS should be configured to automatically notify system administrators and Information System Security Officers (ISSOs) when accounts are removed.
|
|
|
|
When operating system accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual operating system users or for identifying the operating system processes themselves. To detect and respond to events that affect user accessibility and system processing, operating systems should audit account removal actions and, as required, notify system administrators and ISSOs so they can investigate the event. Such a capability greatly reduces the risk that operating system accessibility will be negatively affected for extended periods of time and also provides logging that can be used for forensic purposes.
|
|
|
|
To enable notifications and audit logging of removed accounts, many operating systems can be integrated with enterprise-level auditing mechanisms that meet or exceed this requirement.
|
|
check: |
|
|
The technology does not support this requirement. This is an applicable-does not meet finding.
|
|
fix: |
|
|
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
|
|
references:
|
|
cce:
|
|
- CCE-92838-2
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- N/A
|
|
800-53r4:
|
|
- AC-2(4)
|
|
disa_stig:
|
|
- N/A
|
|
srg:
|
|
- N/A
|
|
macOS:
|
|
- "14.0"
|
|
tags:
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- permanent
|
|
mobileconfig: false
|
|
mobileconfig_info:
|