Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The macOS system must restrict the ability to utilize external writeable media devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252537 | APPL-12-005051 | SV-252537r877369_rule | Medium |
| Description |
|---|
| External writeable media devices must be disabled for users. External USB devices are a potential vector for malware and can be used to exfiltrate sensitive data. Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000319-GPOS-00164 |
| STIG | Date |
|---|---|
| Apple macOS 12 (Monterey) Security Technical Implementation Guide | 2022-11-18 |
Details
| Check Text ( C-55993r877368_chk ) |
|---|
| Verify the system is configured to disable external writeable media devices: $ /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/egrep -A 3 'blankbd|blankcd|blankdvd|dvdram|harddisk-external' “blankbd" = ( deny, eject ); “blankcd" = ( deny, eject ); “blankdvd" = ( deny, eject ); “dvdram" = ( deny, eject ); “harddisk-external" = ( deny, eject ); If the result does not match the output above and the external writeable media devices have not been approved by the Authorizing Official, this is a finding. |
| Fix Text (F-55943r816424_fix) |
|---|
| This setting is enforced using the "Restrictions Policy" configuration profile. |