AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH version

Information

Without confidentiality and integrity protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.

Remote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.

Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., Remote Desktop Protocol [RDP]), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.

SSHD should be enabled to facilitate secure remote access.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188

Solution

To update SSHD to the minimum required version, run Software Update to update to the latest version of macOS.

To enable the SSHD service, run the following command:

/usr/bin/sudo /bin/launchctl enable system/com.openssh.sshd

The system may need to be restarted for the update to take effect.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-14_V2R6_STIG.zip

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|SC-8, 800-53|SC-8(1), 800-53|SC-8(2), CAT|I, CCI|CCI-000068, CCI|CCI-001453, CCI|CCI-002418, CCI|CCI-002420, CCI|CCI-002421, CCI|CCI-002422, Rule-ID|SV-209530r610285_rule, STIG-ID|AOSX-14-000011, STIG-Legacy|SV-104709, STIG-Legacy|V-95377, Vuln-ID|V-209530

Plugin: Unix

Control ID: 79639fc44a321e4fd68f0ced644bc618c99aa18ee9fe972377b2d4b012eb4c60