The macOS system must be integrated into a directory services infrastructure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-257153 | APPL-13-000016 | SV-257153r905092_rule | High |
| Description |
|---|
| Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords. |
| STIG | Date |
|---|---|
| Apple macOS 13 (Ventura) Security Technical Implementation Guide | 2023-08-28 |
Details
| Check Text ( C-60838r905090_chk ) |
|---|
| If the macOS system is using a mandatory Smart Card Policy, this requirement is not applicable. Verify the macOS system is configured to integrate into a directory service with the following command: /usr/bin/dscl localhost -list . | /usr/bin/grep "Active Directory" If no results are returned, this is a finding. |
| Fix Text (F-60779r905091_fix) |
|---|
| Configure the macOS system to integrate into an existing directory services infrastructure. |