STIG ID: APPL-14-002064 | SRG: SRG-OS-000366-GPOS-00153 | Severity: high | CCI: | Vulnerability Id: V-259512
Gatekeeper must be enabled.
Gatekeeper is a security feature that ensures applications are digitally signed by an Apple-issued certificate before they are permitted to run. Digital signatures allow the macOS host to verify that the application has not been modified by a malicious third party.
Administrator users will still have the option to override these settings on a case-by-case basis.
Configure the macOS system to enable gatekeeper with the following command:
/usr/sbin/spctl --global-enable
Verify the macOS system is configured to enable gatekeeper with the following command:
/usr/sbin/spctl --status | /usr/bin/grep -c "assessments enabled"
If the result is not "1", this is a finding.