The macOS system must disable proximity-based password sharing requests.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-268563 | APPL-15-005060 | SV-268563r1034629_rule | CCI-000381 | medium |
| Description | ||||
| Proximity-based password sharing requests must be disabled. The default behavior of macOS is to allow users to request passwords from other known devices (macOS and iOS). This feature must be disabled to prevent passwords from being shared. | ||||
| STIG | Date | |||
| Apple macOS 15 (Sequoia) Security Technical Implementation Guide | 2025-05-05 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-268563r1034629_chk)
Verify the macOS system is configured to disable proximity-based password sharing requests with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowPasswordProximityRequests').js
EOS
If the result is not "false", this is a finding.
Fix Text (F-72494r1034628_fix)
Configure the macOS system to disable proximity-based password sharing requests by installing the "com.apple.applicationaccess" configuration profile.