mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 14:03:24 +00:00
40 lines
997 B
YAML
40 lines
997 B
YAML
id: os_network_storage_restriction
|
|
title: Network Storage Must Be Restricted
|
|
discussion: |-
|
|
Network Storage _MUST_ be restricted.
|
|
|
|
NOTE: Apple's built in method using declarative device management method only allows you to set network storage management to Allowed, ReadOnly, and Disallowed.
|
|
check: |
|
|
/usr/bin/plutil -convert json /var/db/ManagedConfigurationFiles/DiskManagement/DiskManagement_Settings.plist -o - | /usr/bin/jq --raw-output '.Restrictions.NetworkStorage'
|
|
result:
|
|
string: $ODV
|
|
fix: |
|
|
This is implemented by Declarative Device Management (DDM).
|
|
references:
|
|
cce:
|
|
- CCE-95232-5
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- AC-20(4)
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r3:
|
|
- N/A
|
|
cmmc:
|
|
- N/A
|
|
macOS:
|
|
- '26.0'
|
|
tags:
|
|
- none
|
|
odv:
|
|
hint: Allowed, ReadOnly, or Disallowed
|
|
recommended: Allowed
|
|
mobileconfig: false
|
|
mobileconfig_info:
|
|
ddm_info:
|
|
declarationtype: com.apple.configuration.diskmanagement.settings
|
|
ddm_key: NetworkStorage
|
|
ddm_value: $ODV |