Guide to the Secure Configuration of Apple macOS 10.15
NIST 800-53 Moderate-Impact Baseline for Apple macOS 10.15 Catalina
An XCCDF Profile
2 rules organized in 2 groups
System Accounting with audit
2 Rules
The Basic Security Module (BSM) security audit API and file format is Apple's auditing system. The audit() function submits a record to the kernel for inclusion in the global audit trail. The record must already be in BSM format. To protect the integrity of the audit trail, this system call must be made with sufficient privileges. Libbsm can be used to create and manipulate BSM data. Length is the length in bytes of the BSM record and record points to the data. The audit service provides substantial capabilities for recording system activities. Secure networks often have substantial auditing requirements, and auditd can be configured to meet these requirements.
Enable audit Service
High Severity
The audit service is an essential userspace component of the auditing system, as it is responsible for writing audit records to disk.
Configure auditd
1 Rule
The auditd program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings for comprehensive auditing, but a full description of the auditing system's capabilities is beyond the scope of this guide.
Shutdown System When Auditing Failures Occur
Medium Severity
The macOS system must shut down by default upon audit failure unless availability is an overriding concern.