Monterey - Enable Authenticated Root

Information

Authenticated Root _MUST_ be enabled.

When Authenticated Root is enabled the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume.

NOTE: Authenticated Root is enabled by default on macOS systems.

Solution

[source,bash]
----
/usr/bin/csrutil authenticated-root enable
----
NOTE: To re-enable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-3, 800-53|CM-5, 800-53|MA-4(1), 800-53|SC-34, 800-53|SI-7, 800-53|SI-7(6), CCE|CCE-90907-7

Plugin: Unix

Control ID: 058bf8c04f7760e8c5efb54978aa23b67da2122091a1c13f9ae37b73bed7104a