macOS 15 - Sequoia
The macOS system must disable Network File System (NFS) service
STIG ID:
APPL-15-002003
|
SRG:
SRG-OS-000080-GPOS-00048
|
Severity:
Medium
|
CCI:
CCI-000213
|
Vulnerability ID:
V-268479
Description
Support for NFS services is nonessential and, therefore, must be disabled. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.
Check
C-268479r1034377_chk
Verify the macOS system is configured to disable NFS service with the following command:/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => disabled'If the result is not "1", this is a finding.
Fix
F-72410r1034376_fix
Configure the macOS system to disable NFS service with the following command:/bin/launchctl disable system/com.apple.nfsdThe system may need to be restarted for the update to take effect.