################################################################################
DOCUMENT         : Apple_macOS_15_STIG
VERSION          : 001.004.002
CHECKSUM         : 2a6aa807d2f6abd13545fc7f10cd712c274fe49213073a3e98e7ed6db4d8acc1
MANUAL QUESTIONS : 4

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmaticaly imported, so do not modify anything in this file
except for placing an '[X]' to select a Single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc..

################################################################################

QUESTION         : 1 of 4
TITLE            : CAT II, V-268426, SV-268426r1034218, SRG-OS-000002-GPOS-00002
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:question:1301
RULE             : The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
QUESTION_TEXT    : Verify that a password policy is enforced by a directory service by asking the system administrator (SA) or information system security officer (ISSO).

If no policy is enforced by a directory service, a password policy can be set with the "pwpolicy" utility. The variable names may vary depending on how the policy was set.

If no temporary or emergency accounts are defined on the system, this is not applicable.

To check if the password policy is configured to disable a temporary or emergency account after 72 hours, run the following command to output the password policy to the screen, substituting the correct user name in place of username:

/usr/bin/pwpolicy -u username getaccountpolicies | tail -n +2

If there is no output, and password policy is not controlled by a directory service, this is a finding.

Otherwise, look for the line "<key>policyCategoryAuthentication</key>".

In the array that follows, there should be a <dict> section that contains a check <string> that allows users to log in if "policyAttributeCurrentTime" is less than the result of adding "policyAttributeCreationTime" to 72 hours (259299 seconds). The check might use a variable defined in its "policyParameters" section.

If the check does not exist or if the check adds too great an amount of time to "policyAttributeCreationTime", this is a finding.

References:
CCI-000016
CCI-001682
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 4
TITLE            : CAT II, V-268520, SV-268520r1034500, SRG-OS-000095-GPOS-00049
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:testaction:19501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:question:19501
RULE             : The macOS system must disable CD/DVD Sharing.
QUESTION_TEXT    : Verify the macOS system is configured to disable CD/DVD Sharing with the following command:

/usr/bin/pgrep -q ODSAgent; /bin/echo $?

If the result is not "1", this is a finding.

References:
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 4
TITLE            : CAT II, V-268534, SV-268534r1034542, SRG-OS-000403-GPOS-00182
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:testaction:22301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:question:22301
RULE             : The macOS system must issue or obtain public key certificates from an approved service provider.
QUESTION_TEXT    : Verify the macOS system is configured to issue or obtain public key certificates from an approved service provider with the following command:

/usr/bin/security dump-keychain /Library/Keychains/System.keychain | /usr/bin/awk -F'"' '/labl/ {print $4}'

If the result does not contain a list of approved certificate authorities, this is a finding.

References:
CCI-002470
CCI-004909
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************

QUESTION         : 4 of 4
TITLE            : CAT II, V-268575, SV-268575r1034665, SRG-OS-000439-GPOS-00195
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:testaction:30501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.15:question:30501
RULE             : The macOS system must be a supported release.
QUESTION_TEXT    : Verify the operating system version. 

Click the Apple icon on the menu at the top left corner of the screen and select the "About This Mac" option. 

The name of the macOS release installed appears on the Overview tab in the resulting window. The precise version number installed is displayed below that.

If the installed version of macOS 15 is not supported, this is a finding.

References:
CCI-002605
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 4 *******************************

