Apple macOS 14 (Sonoma) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The macOS system must disable Erase Content and Settings.
<VulnDiscussion>Erase Content and Settings must be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNega...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
The macOS system must enable Authenticated Root.
<VulnDiscussion>Authenticated Root must be enabled. When Authenticated Root is enabled the macOS is booted from a signed volume that is cryp...Rule Medium Severity -
SRG-OS-000362-GPOS-00149
<GroupDescription></GroupDescription>Group -
The macOS system must prohibit user installation of software into /users/.
<VulnDiscussion>Users must not be allowed to install software into /users/. Allowing users who do not possess explicit privileges to install...Rule Medium Severity -
SRG-OS-000378-GPOS-00163
<GroupDescription></GroupDescription>Group -
The macOS system must authorize USB devices before allowing connection.
<VulnDiscussion>USB devices connected to a Mac must be authorized. [IMPORTANT] ==== This feature is removed if a smart card is paired or sma...Rule Medium Severity -
SRG-OS-000445-GPOS-00199
<GroupDescription></GroupDescription>Group -
The macOS system must ensure secure boot level set to full.
<VulnDiscussion>The Secure Boot security setting must be set to full. Full security is the default Secure Boot setting in macOS. During star...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules