Catalina - Enable Gatekeeper

Information

Gatekeeper _MUST_ be enabled.

Gatekeeper is a security feature that ensures that applications are digitally signed by an Apple-issued certificate before they are permitted to run. Digital signatures allow the macOS host to verify that the application has not been modified by a malicious third party.

Administrator users will still have the option to override these settings on a case-by-case basis.

Solution

[source,bash]
----
/usr/sbin/spctl --master-enable
----

mobileconfig profile info:

[source,text]
----
com.apple.systempolicy.control:
  EnableAssessment: True
----
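To verify the setting rather than only apply it, the following added example (not part of the original audit item or the macos_security project) reads `spctl --status` and maps the result to an audit exit code. The `SPCTL` override variable and the function names are assumptions made for this example so the check can be exercised with a stub.

```shell
#!/bin/sh
# Added example: audit the Gatekeeper control without changing it.
# SPCTL is a hypothetical override for testing; it defaults to the real binary.
SPCTL="${SPCTL:-/usr/sbin/spctl}"

# gatekeeper_state: print "enabled", "disabled" or "unknown".
gatekeeper_state() {
    # `spctl --status` reports "assessments enabled" or "assessments disabled".
    # Its exit status is ignored here; only the reported text is interpreted.
    out=$("$SPCTL" --status 2>&1) || true
    case "$out" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# gatekeeper_audit: return 0 if compliant, 1 if a finding, 2 if undetermined.
gatekeeper_audit() {
    state=$(gatekeeper_state)
    case "$state" in
        enabled)
            echo "PASS: Gatekeeper assessments are enabled"
            return 0 ;;
        disabled)
            echo "FAIL: Gatekeeper is disabled; fix: $SPCTL --master-enable"
            return 1 ;;
        *)
            # Missing binary or unexpected output is not treated as a pass.
            echo "ERROR: could not determine Gatekeeper state" >&2
            return 2 ;;
    esac
}
```

Call `gatekeeper_audit` at the end of the script and use its exit status in the compliance job. An undetermined state returns 2 so that a host where the check could not run is not counted as compliant.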

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-5, 800-53|CM-5(3), 800-53|CM-14, 800-53|SI-3, 800-53|SI-7(1), 800-53|SI-7(15), CCE|CCE-84759-0, CCI|CCI-001749, STIG-ID|AOSX-15-002064

Plugin: Unix

Control ID: 00164f1a5a4f9b200336deff7c0d069386edc99b0a39eb8b8bd11d8b9d4a0aba