macOS 15 - Sequoia
The macOS system must disable the guest account
STIG ID:
APPL-15-002063
|
SRG:
SRG-OS-000364-GPOS-00151
|
Severity:
Medium
|
CCI:
CCI-001813
|
Vulnerability ID:
V-268510
Description
Guest access must be disabled.Turning off guest access prevents anonymous users from accessing files.
Check
C-268510r1034470_chk
Verify the macOS system is configured to disable the guest account with the following command:/usr/bin/osascript -l JavaScript << EOSfunction run() {let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\.objectForKey('DisableGuestAccount'))let pref2 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\.objectForKey('EnableGuestAccount'))if ( pref1 == true && pref2 == false ) {return("true")} else {return("false")}}EOSIf the result is not "true", this is a finding.
Fix
F-72441r1034469_fix
Configure the macOS system to disable the guest account by installing the "com.apple.MCX" configuration profile.