Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software


In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations.Some programs and processes are required to operate at a higher privilege level and therefore should be excluded from the organization-defined software list after review.

The inherent configuration of the macOS does not allow for non-privileged users to be able to execute functions requiring privilege.



The technology inherently meets this requirement. No fix is required.

See Also

Item Details


References: 800-53|AC-6(8), CCE|CCE-84862-2, CCI|CCI-002233

Plugin: Unix

Control ID: c71e15d01f900126a05653b092bd31ea4b326010c8daefeaff3b868907c2ebc7