The macOS system must prevent AdminHostInfo from being available at LoginWindow.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-277033 | APPL-26-000009 | SV-277033r1149397_rule | CCI-000060 | medium |
| Description | ||||
| The system must be configured to not display sensitive information at the LoginWindow. If the key "AdminHostInfo" is configured with a string value, it will allow the HostName, IP Address, and operating system version and build to be displayed when clicking on the clock area of the login window. Configuring this key to be an integer value, since it expects a string value, will effectively disable the behavior. Note: This configuration requires it to be deployed via Managed Preferences rather than directly to com.apple.loginwindow. | ||||
| STIG | Date | |||
| Apple macOS 26 (Tahoe) Security Technical Implementation Guide | 2026-02-11 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-11(1)
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.10
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000060
1.00
- DISA · V1R2 · disa_xccdf · related
Details
Check Text (C-277033r1149397_chk)
Verify the macOS system is configured to prevent AdminHostInfo from being available at LoginWindow with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.integerForKey('AdminHostInfo')
EOS
If the result is not "-1", this is a finding.
Fix Text (F-81093r1149340_fix)
Configure the macOS system to prevent AdminHostInfo from being available at LoginWindow by installing the "com.apple.ManagedClient.preferences" configuration profile.