Big Sur - Disable Remote Apple Events

Information

If the system does not require Remote Apple Events, support for Apple Remote Events is non-essential and _MUST_ be disabled.

The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.

Solution

[source,bash]
----
/usr/sbin/systemsetup -setremoteappleevents off
/bin/launchctl disable system/com.apple.AEServer
----
NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires UAMDM.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-3, 800-53|AC-17, 800-53|CM-7b., CCE|CCE-85440-6, CCI|CCI-000382, STIG-ID|APPL-11-002022

Plugin: Unix

Control ID: 5b863a33eae8dbc8855e62c820e7e71abfe5a1a513de036aa019ccfff29236a4