################################################################################
DOCUMENT         : Apple_macOS_26_STIG
VERSION          : 001.004.003
CHECKSUM         : 436d895a1af42eef6fb3d3700ca6932cb85a0d4d89149c349e007691eb685540
MANUAL QUESTIONS : 3

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmaticaly imported, so do not modify anything in this file
except for placing an '[X]' to select a Single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc..

################################################################################

QUESTION         : 1 of 3
TITLE            : CAT I, V-278915, SV-278915r1149198, SRG-OS-000830-GPOS-00300
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:testaction:31701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:question:31701
RULE             : The macOS system must be a version supported by the vendor.
QUESTION_TEXT    : Verify the operating system version.

Click the Apple icon on the menu at the top left corner of the screen.
Select the "About This Mac" option.

If the operating system version is no longer supported by the vendor, this is a finding.

References:
CCI-003376
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 3
TITLE            : CAT II, V-277034, SV-277034r1148554, SRG-OS-000002-GPOS-00002
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:question:1301
RULE             : The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
QUESTION_TEXT    : Verify that a password policy is enforced by a directory service by asking the system administrator (SA) or information system security officer (ISSO).

If no policy is enforced by a directory service, a password policy can be set with the "pwpolicy" utility. The variable names may vary depending on how the policy was set.

If no temporary or emergency accounts are defined on the system, this is not applicable.

To check if the password policy is configured to disable a temporary or emergency account after 72 hours, run the following command to output the password policy to the screen, substituting the correct user name in place of username:

/usr/bin/pwpolicy -u username getaccountpolicies | tail -n +2

If there is no output, and password policy is not controlled by a directory service, this is a finding.

Otherwise, look for the line "<key>policyCategoryAuthentication</key>".

In the array that follows, there should be a <dict> section that contains a check <string> that allows users to log in if "policyAttributeCurrentTime" is less than the result of adding "policyAttributeCreationTime" to 72 hours (259299 seconds). The check might use a variable defined in its "policyParameters" section.

If the check does not exist or if the check adds too great an amount of time to "policyAttributeCreationTime", this is a finding.

References:
CCI-000016
CCI-001682
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 3
TITLE            : CAT II, V-277143, SV-277143r1148881, SRG-OS-000403-GPOS-00182
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:testaction:23101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.mscp.content.macOS.26:question:23101
RULE             : The macOS system must issue or obtain public key certificates from an approved service provider.
QUESTION_TEXT    : Verify the macOS system is configured to issue or obtain public key certificates from an approved service provider with the following command:

/usr/bin/security dump-keychain /Library/Keychains/System.keychain | /usr/bin/awk -F'"' '/labl/ {print $4}'

If the result does not contain a list of approved certificate authorities, this is a finding.

References:
CCI-002470
CCI-004909
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************

