STIG ID: APPL-14-002008 | SRG: SRG-OS-000080-GPOS-00048 | Severity: medium | CCI: | Vulnerability Id: V-259484
The built-in web server is a nonessential service built into macOS and must be disabled.
Note: The built in web server service is disabled at startup by default macOS.
Configure the macOS system to disable the built-in web server with the following command:
/bin/launchctl disable system/org.apache.httpd
The system may need to be restarted for the update to take effect.
Verify the macOS system is configured to disable the built-in web server with the following command:
/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled'
If the result is not "1", this is a finding.