From Apple OS X 10.11 Security Technical Implementation Guide
Part of SRG-OS-000480-GPOS-00231
Associated with: CCI-000366
An approved firewall must be installed and enabled to work in concert with the OS X Application Firewall. When configured correctly, firewalls protect computers from network attacks by blocking or limiting access to open network ports.
The system firewall must be configured with a "default-deny" policy. Ask the SA or ISSO if an approved firewall is loaded on the system. The recommended system is the McAfee HBSS. If there is no firewall installed on the system, this is a finding. If there is a firewall installed and it is not configured with a "default-deny" policy, this is a finding.
Install an approved HBSS or firewall solution onto the system and configure it with a "default-deny" policy.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer