2.6.6 Audit Lockdown Mode


Apple introduced Lockdown Mode as a security feature in their OS releases in 2022 that provides additional security protection that Apple has describes as 'extreme'. Users and organizations that suspect some users are targets of advanced attacks must consider using this control.


Lockdown Mode was designed by Apple as an aggressive approach to commonly attacked OS features where additional controls could reduce the attack surface. IT systems and devices, including their users, are subject to continuous exploit attempts. Most of that activity is not advances and can be considered background noise to a patched, hardened device. Advanced attackers are of more concern and a risk review to understand organizational targets and use Lockdown Mode where appropriate is necessary.


Lockdown Mode must be tested appropriately for real world impact on users prior to use. As a new feature there is not sufficient technical reporting on user impacts.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Graphical Method:
Perform the following steps to set Lockdown Mode to your organization's requirements:

Open System Settings

Select Privacy & Security

Set Lockdown Mode to your organization's parameters

Item Details


References: 800-53|CM-7, 800-53|MA-4, CSCv7|16.2

Plugin: Unix

Control ID: add0716a7fd89222b79b1fb20c594c5be69c07d8c66cb0e5ebc06fe8b358a798