Detections
Analytics
APPL-11-005051 - The macOS system must restrict the ability of individuals to use USB storage devices.
Information
External writeable media devices must be disabled for users. External USB devices are a potential vector for malware and can be used to exfiltrate sensitive data if an approved data-loss prevention (DLP) solution is not installed.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
This setting is enforced using the 'Restrictions Policy' configuration profile.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_11_V1R5_STIG.zip
Item Details
Audit Name: DISA STIG Apple macOS 11 v1r5
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-250320r802395_rule, STIG-ID|APPL-11-005051, Vuln-ID|V-250320
Plugin: Unix
Control ID: 7f6434cb394131b271bc65694ee159d50cd8dda8e434a95ddb6d91cdd25561b7