AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled

Information

Without confidentiality and integrity protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.

Remote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.

Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., Remote Desktop Protocol [RDP]), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.

SSHD should be enabled to facilitate secure remote access.

Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188

Solution

To update SSHD to the minimum required version, run Software Update to update to the latest version of macOS.

To enable the SSHD service, run the following command:

/usr/bin/sudo /bin/launchctl enable system/com.openssh.sshd

The system may need to be restarted for the update to take effect.

Item Details

Audit Name: DISA STIG Apple Mac OSX 10.14 v2r6

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: Unix

Control ID: 79639fc44a321e4fd68f0ced644bc618c99aa18ee9fe972377b2d4b012eb4c60

Detections

Analytics

AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled

Information

Solution

See Also

Item Details