mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
48 lines
1.2 KiB
YAML
48 lines
1.2 KiB
YAML
id: os_parental_controls_enable
|
|
title: "Enable Parental Controls"
|
|
discussion: |
|
|
Parental Controls _MUST_ be enabled.
|
|
|
|
Control of program execution is a mechanism used to prevent program execution of unauthorized programs, which is critical to maintaining a secure system baseline.
|
|
|
|
Parental Controls on the macOS consist of many different payloads, which are set individually depending on the type of control required. Enabling parental controls allows for further configuration of these restrictions.
|
|
check: |
|
|
/usr/bin/osascript -l JavaScript << EOS
|
|
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess.new')\
|
|
.objectForKey('familyControlsEnabled').js
|
|
EOS
|
|
result:
|
|
string: "true"
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- CCE-92842-4
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- CM-7(2)
|
|
800-53r4:
|
|
- CM-7(2)
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.4.7
|
|
cis:
|
|
benchmark:
|
|
- N/A
|
|
controls v8:
|
|
- 4.8
|
|
macOS:
|
|
- "14.0"
|
|
tags:
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.applicationaccess.new:
|
|
familyControlsEnabled: true
|