macOS 15 - Sequoia
The macOS system must disable the system settings pane for Siri
STIG ID:
APPL-15-002053
|
SRG:
SRG-OS-000095-GPOS-00049
|
Severity:
Medium
|
CCI:
CCI-000381
|
Vulnerability ID:
V-268507
Description
The System Settings pane for Siri must be hidden.Hiding the System Settings pane prevents users from configuring Siri. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.
Check
C-268507r1034461_chk
Verify the macOS system is configured to disable the system settings pane for Siri with the following command:/usr/bin/profiles show -output stdout-xml | /usr/bin/xmllint --xpath '//key[text()="DisabledSystemSettings"]/following-sibling::*[1]' - | /usr/bin/grep -c com.apple.Siri-Settings.extensionIf the result is not "1", this is a finding.
Fix
F-72438r1034460_fix
Configure the macOS system to disable the system settings pane for Siri by installing the "com.apple.systempreferences" configuration profile.