The OS X system firewall must be configured with a default-deny policy.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75997 | AOSX-12-000155 | SV-90685r1_rule | Medium |
| Description |
|---|
| An approved firewall must be installed and enabled to work in concert with the OS X Application Firewall. When configured correctly, firewalls protect computers from network attacks by blocking or limiting access to open network ports. |
| STIG | Date |
|---|---|
| Apple OS X 10.12 Security Technical Implementation Guide | 2018-12-24 |
Details
| Check Text ( C-75681r1_chk ) |
|---|
| Ask the System Administrator (SA) or Information System Security Officer (ISSO) if an approved firewall is loaded on the system. The recommended system is the McAfee HBSS. If no firewall is installed on the system, this is a finding. If a firewall is installed and it is not configured with a "default-deny" policy, this is a finding. |
| Fix Text (F-82635r1_fix) |
|---|
| Install an approved HBSS or firewall solution onto the system and configure it with a "default-deny" policy. |