The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.

From Apple OS X 10.13 Security Technical Implementation Guide

Part of SRG-OS-000033-GPOS-00014

Associated with: CCI-000068 CCI-002418 CCI-002420 CCI-002421 CCI-002422

SV-96191r1_rule The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.

Vulnerability discussion

Without confidentiality and integrity protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.Remote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., Remote Desktop Protocol [RDP]), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190

Check content

For systems that allow remote access through SSH, run the following command: /usr/bin/sudo /bin/launchctl print-disabled system | /usr/bin/grep com.openssh.sshd If the results do not show the following, this is a finding. "com.openssh.sshd" => false

Fix text

To enable the SSH service, run the following command: /usr/bin/sudo /bin/launchctl enable system/com.openssh.sshd The system may need to be restarted for the update to take effect.

Pro Tips

Powered by sagemincer