################################################################################
DOCUMENT         : Apple_macOS_14_STIG
VERSION          : 002.003.002
CHECKSUM         : 213152de201d00e0ea5fe13f5f83bae1141b5fba1692e0dc55935cba54958b9e
MANUAL QUESTIONS : 3

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmatically imported, so do not modify anything in this file
except for placing an '[X]' to select a Single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc.

################################################################################

QUESTION         : 1 of 3
TITLE            : CAT II, V-259424, SV-259424r958364, SRG-OS-000002-GPOS-00002
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:question:1301
RULE             : The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
QUESTION_TEXT    : Verify if a password policy is enforced by a directory service by asking the system administrator (SA) or information system security officer (ISSO).

If no policy is enforced by a directory service, a password policy can be set with the "pwpolicy" utility. The variable names may vary depending on how the policy was set.

If there are no temporary or emergency accounts defined on the system, this is Not Applicable.

To check if the password policy is configured to disable a temporary or emergency account after 72 hours, run the following command to output the password policy to the screen, substituting the correct user name in place of username:

/usr/bin/pwpolicy -u username getaccountpolicies | tail -n +2

If there is no output, and password policy is not controlled by a directory service, this is a finding.

Otherwise, look for the line "<key>policyCategoryAuthentication</key>".

In the array that follows, there should be a <dict> section that contains a check <string> that allows users to log in if "policyAttributeCurrentTime" is less than the result of adding "policyAttributeCreationTime" to 72 hours (259299 seconds). The check might use a variable defined in its "policyParameters" section.

If the check does not exist or if the check adds too great an amount of time to "policyAttributeCreationTime", this is a finding.

References:
CCI-000016
CCI-001682
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 3
TITLE            : CAT II, V-259521, SV-259521r958478, SRG-OS-000095-GPOS-00049
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:testaction:20101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:question:20101
RULE             : The macOS system must disable CD/DVD Sharing.
QUESTION_TEXT    : Verify the macOS system is configured to disable CD/DVD Sharing with the following command:

/usr/bin/pgrep -q ODSAgent; /bin/echo $?

If the result is not "1", this is a finding.

References:
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 3
TITLE            : CAT II, V-259536, SV-259536r958868, SRG-OS-000403-GPOS-00182
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:testaction:23101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.14:question:23101
RULE             : The macOS system must issue or obtain public key certificates from an approved service provider.
QUESTION_TEXT    : Verify the macOS system is configured to issue or obtain public key certificates from an approved service provider with the following command:

/usr/bin/security dump-keychain /Library/Keychains/System.keychain | /usr/bin/awk -F'"' '/labl/ {print $4}'

If the result does not contain a list of approved certificate authorities, this is a finding.

References:
CCI-002470
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************

