Catalina - Configure Gatekeeper to Disallow End User Override

Information

Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings.

If users are allowed to disable Gatekeeper or set it to a less restrictive setting, malware could be introduced into the system.

Solution

To implement the prescribed state with a Configuration Profile, create a configuration profile (com.apple.systempolicy.managed) with the following key DisableOverride set to true
[source,xml]
----
<key>DisableOverride</key>
<true/>
----
NOTE - This will apply to the whole system

mobileconfig profile info:

com.apple.systempolicy.managed:
DisableOverride:
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-5, 800-53|CM-6b., 800-53|SI-7(15), CCE|CCE-84835-8, CCI|CCI-000366, STIG-ID|AOSX-15-002061

Plugin: Unix

Control ID: 7f481120e3cba4be2adceeab6421b2d89180fa43486bda4c0a6ceec0f66d1321