STIG ID: APPL-14-005090 | SRG: SRG-OS-000378-GPOS-00163 | Severity: medium | CCI: | Vulnerability Id: V-259572
USB devices connected to a Mac must be authorized.
[IMPORTANT]
====
This feature is removed if a smart card is paired or smart card attribute mapping is configured.
====
Configure the macOS system to authorize USB devices before allowing connection by installing the "com.apple.applicationaccess" configuration profile.
Verify the macOS system is configured to authorize USB devices before allowing connection with the following command:
[source,bash]
----
/usr/bin/osascript -l JavaScript << EOS
function run() {
  let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
  .objectForKey('allowUSBRestrictedMode'))
  // Only an explicit false fails; an unset key is reported as "true"
  if ( pref1 == false ) {
    return("false")
  } else {
    return("true")
  }
}
EOS
----
If the result is not "true", this is a finding.