macos_security/rules/os/os_secure_boot_verify.yaml
2020-08-27 17:15:47 -04:00


id: os_secure_boot_verify
title: "Ensure Secure Boot Level Set to Full"
discussion: |
  The Secure Boot security setting _MUST_ be set to full.
  Full security is the default Secure Boot setting in macOS. During startup, when Secure Boot is set to full security, the Mac will verify the integrity of the operating system before allowing the operating system to boot.
  Note: This will only return a proper result on a T2 Mac
check: |
  /usr/sbin/nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy | /usr/bin/grep -c '%02'
result:
  integer: 1
fix: |
  NOTE: Boot into Recovery Mode and enable Full Secure Boot
references:
  cce:
    - CCE-84789-7
  800-53r4:
    - SI-6
  srg:
    - SRG-OS-000446-GPOS-00200
  disa_stig:
    - N/A
  cci:
    - N/A
macOS:
  - "10.15"
tags:
  - fisma-high
mobileconfig: false
mobileconfig_info: