usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 06:12:10 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
Files
f9faec0d30b9ec81de21eb0a8ef32f95db484f86
macos_security/rules/os/os_separate_functionality.yaml
Bob Gendler 2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
2024-02-26 15:50:02 -05:00

49 lines
1.6 KiB
YAML
Raw Blame History

id: os_separate_functionality
title: Configure the System to Separate User and System Functionality
discussion: |
The information system _IS_ configured to separate user and system functionality.
Operating system management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged users to access operating system management functionality capabilities increases the risk that non-privileged users may obtain elevated privileges. Operating system management functionality includes functions necessary to administer console, network components, workstations, or servers and typically requires privileged user access.
The inherent configuration of the macOS allows only privileged users to access operating system management functionalities.
link:https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html[]
check: |
The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-92886-1
cci:
- N/A
800-53r5:
- SC-2
- MA-4(1)
800-53r4:
- SC-2
disa_stig:
- N/A
srg:
- SRG-OS-000132-GPOS-00067
800-171r2:
- 3.13.3
cmmc:
- SC.L2-3.13.3
macOS:
- '14.0'
tags:
- 800-53r5_moderate
- 800-53r5_high
- 800-53r4_moderate
- 800-53r4_high
- 800-171
- inherent
- cnssi-1253_moderate
- cnssi-1253_low
- cnssi-1253_high
- cmmc_lvl2
- srg
mobileconfig: false
mobileconfig_info:
Reference in New Issue View Git Blame Copy Permalink