AOSX-13-000518 - The macOS system must cover or disable the built-in or attached camera when not in use.


It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.

Failing to disconnect from collaborative computing devices (i.e. cameras) can result in subsequent compromises of organizational information. Providing easy methods to physically disconnect from such devices after a collaborative computing session helps to ensure that participants actually carry out the disconnect activity without having to go through complex and tedious procedures.

Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


This setting is enforced using the 'Restrictions Policy' configuration profile.

See Also

Item Details


References: 800-53|CM-7(5)(b), 800-53|CM-7a., CAT|II, CCI|CCI-000381, CCI|CCI-001774, Rule-ID|SV-214855r609363_rule, STIG-ID|AOSX-13-000518, STIG-Legacy|SV-96285, STIG-Legacy|V-81571, Vuln-ID|V-214855

Plugin: Unix

Control ID: 86599c56fd1b6d4a354d7260153ff9be9439ea18f970945706847f1e86c002e7