STIG ID: APPL-14-005061 | SRG: SRG-OS-000095-GPOS-00049 | Severity: medium | CCI: | Vulnerability Id: V-259569
Erase Content and Settings must be disabled.
Configure the macOS system to disable Erase Content and Settings by installing the "com.apple.applicationaccess" configuration profile.
Verify the macOS system is configured to disable Erase Content and Settings with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowEraseContentAndSettings').js
EOS
If the result is not "false", this is a finding.