APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled.

Information

Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit.

Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication.

Satisfies: SRG-OS-000299-GPOS-00117, SRG-OS-000300-GPOS-00118, SRG-OS-000379-GPOS-00164

Solution

To disable the Wi-Fi network device, run the following command:

/usr/bin/sudo /usr/sbin/networksetup -setnetworkserviceenabled 'Wi-Fi' off

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_11_V1R5_STIG.zip

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-18(1), 800-53|IA-3(1), CAT|II, CCI|CCI-001443, CCI|CCI-001444, CCI|CCI-001967, Rule-ID|SV-230750r599842_rule, STIG-ID|APPL-11-000008, Vuln-ID|V-230750

Plugin: Unix

Control ID: ddc07212c925f8a2e8cfba30769e00dfdff3ec5d0c84a76df86e645fd17f1886