Catalina - Configure the System to Separate User and System Functionality - separate

Information

The information system _IS_ configured to separate user and system functionality.

Operating system management functionality includes functions necessary to administer console, network components, workstations, or servers and typically requires privileged user access. Allowing non-privileged users to access operating system management functionality increases the risk that non-privileged users may obtain elevated privileges.

The inherent configuration of macOS allows only privileged users to access operating system management functionality.

https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html

Solution

The technology inherently meets this requirement. No fix is required.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|MA-4(1), 800-53|SC-2, CCE|CCE-84888-7, CCI|CCI-001082

Plugin: Unix

Control ID: 6736025555345e209000a3b0f35e2ad9a315d578ac2ba619248c94c61ae3a67e