mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-04 01:12:00 +00:00
44 lines
1.4 KiB
YAML
44 lines
1.4 KiB
YAML
id: sysprefs_gatekeeper_identified_developers_allowed
|
|
title: "Apply Gatekeeper Settings to Block Applications from Unidentified Developers"
|
|
discussion: |
|
|
The information system implements cryptographic mechanisms to authenticate software prior to installation.
|
|
|
|
Gatekeeper settings must be configured correctly to only allow the system to run applications downloaded from the Mac App Store or applications signed with a valid Apple Developer ID code. Administrator users will still have the option to override these settings on a per-app basis. Gatekeeper is a security feature that ensures that applications must be digitally signed by an Apple-issued certificate in order to run. Digital signatures allow the macOS to verify that the application has not been modified by a malicious third party.
|
|
check: |
|
|
/usr/sbin/spctl --status --verbose | /usr/bin/grep -c "developer id enabled"
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
[source,bash]
|
|
----
|
|
/usr/sbin/spctl --master-enable; /usr/sbin/spctl --enable
|
|
----
|
|
references:
|
|
cce:
|
|
- CCE-84834-1
|
|
cci:
|
|
- CCI-000366
|
|
800-53r4:
|
|
- CM-5(3)
|
|
- CM-5
|
|
- SI-7(15)
|
|
srg:
|
|
- SRG-OS-000366-GPOS-00153
|
|
- SRG-OS-000480-GPOS-00227
|
|
disa_stig:
|
|
- AOSX-14-002060
|
|
800-171r2:
|
|
- 3.4.5
|
|
macOS:
|
|
- "10.15"
|
|
tags:
|
|
- 800-171
|
|
- cnssi-1253
|
|
- fisma-moderate
|
|
- fisma-high
|
|
- STIG
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.systempolicy.control:
|
|
AllowIdentifiedDevelopers: true
|
|
EnableAssessment: true |