The macOS system must ensure System Integrity Protection is enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-268555 | APPL-15-005001 | SV-268555r1034605_rule | CCI-000154 | high |
| Description | ||||
| System Integrity Protection is vital to protecting the integrity of the system as it prevents malicious users and software from making unauthorized and/or unintended modifications to protected files and folders; ensures the presence of an audit record generation capability for defined auditable events for all operating system components; protects audit tools from unauthorized access, modification, and deletion; restricts the root user account and limits the actions that the root user can perform on protected parts of the macOS; and prevents nonprivileged users from granting other users direct access to the contents of their home directories and folders. NOTE: System Integrity Protection is enabled by default in macOS. Satisfies: SRG-OS-000051-GPOS-00024, SRG-OS-000054-GPOS-00025, SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000062-GPOS-00031, SRG-OS-000080-GPOS-00048, SRG-OS-000122-GPOS-00063, SRG-OS-000138-GPOS-00069, SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPOS-00099, SRG-OS-000259-GPOS-00100, SRG-OS-000278-GPOS-00108, SRG-OS-000350-GPOS-00138 | ||||
| STIG | Date | |||
| Apple macOS 15 (Sequoia) Security Technical Implementation Guide | 2025-05-05 | |||
Details
Check Text (C-268555r1034605_chk)
Verify the macOS system is configured to enable System Integrity Protection with the following command:
/usr/bin/csrutil status | /usr/bin/grep -c 'System Integrity Protection status: enabled.'
If the result is not "1", this is a finding.
Fix Text (F-72486r1034604_fix)
Configure the macOS system to enable System Integrity Protection by booting into "Recovery" mode, launching "Terminal" from the "Utilities" menu, and running the following command:
/usr/bin/csrutil enable