mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
47 lines
1.2 KiB
YAML
47 lines
1.2 KiB
YAML
id: os_external_storage_access_defined
|
|
title: Access to External Storage Must Be Defined
|
|
discussion: |-
|
|
Access to external storage _MUST_ be managed.
|
|
|
|
NOTE: Apple's built in method using declarative device management method only allows you to set external storage management to Allowed, ReadOnly, and Disallowed.
|
|
check: |
|
|
/usr/bin/plutil -convert json /var/db/ManagedConfigurationFiles/DiskManagement/DiskManagement_Settings.plist -o - | /usr/bin/jq --raw-output '.Restrictions.ExternalStorage'
|
|
result:
|
|
string: $ODV
|
|
fix: |
|
|
This is implemented by Declarative Device Management (DDM).
|
|
references:
|
|
cce:
|
|
- CCE-95188-9
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- MP-7
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r3:
|
|
- 03.08.07
|
|
cmmc:
|
|
- MP.L2-3.8.7
|
|
- MP.L2-3.8.8
|
|
odv:
|
|
hint: Allowed, ReadOnly, or Disallowed
|
|
recommended: Allowed
|
|
macOS:
|
|
- '26.0'
|
|
tags:
|
|
- cmmc_lvl2
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- cnssi-1253_moderate
|
|
- cnssi-1253_low
|
|
- cnssi-1253_high
|
|
mobileconfig: false
|
|
mobileconfig_info:
|
|
ddm_info:
|
|
declarationtype: com.apple.configuration.diskmanagement.settings
|
|
ddm_key: ExternalStorage
|
|
ddm_value: $ODV |