Detections
Analytics
APPL-11-002069 - The macOS system must authenticate peripherals before establishing a connection.
Information
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.Peripherals include, but are not limited to, such devices as flash drives, external storage, and printers.
Solution
To ensure that authentication is required to access all system level preference panes use the following procedure:Copy the authorization database to a file using the following command:
/usr/bin/sudo /usr/bin/security authorizationdb read system.preferences > ~/Desktop/authdb.txt
edit the file to change:
<key>shared</key>
<true/>
To read:
<key>shared</key>
<false/>
Reload the authorization database with the following command:
/usr/bin/sudo /usr/bin/security authorizationdb write system.preferences < ~/Desktop/authdb.txt
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_11_V1R8_STIG.zip
Item Details
Audit Name: DISA STIG Apple macOS 11 v1r8
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-3, CAT|II, CCI|CCI-001958, Rule-ID|SV-230828r855703_rule, STIG-ID|APPL-11-002069, Vuln-ID|V-230828
Plugin: Unix
Control ID: 31ecdbab857da496fd575dd5d36369cab3b44a03a33bc93941f55a6f063a8b93