macOS 15 - Sequoia
The macOS system must disable Erase Content and Settings
STIG ID:
APPL-15-005061
|
SRG:
SRG-OS-000095-GPOS-00049
|
Severity:
Medium
|
CCI:
CCI-000381
|
Vulnerability ID:
V-268564
Description
Erase Content and Settings must be disabled.Without disabling the Erase Content and Settings configuration, forensics data could be lost if this feature is activated on a compromised system.
Check
C-268564r1034632_chk
Verify the macOS system is configured to disable Erase Content and Settings with the following command:/usr/bin/osascript -l JavaScript << EOS$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\.objectForKey('allowEraseContentAndSettings').jsEOSIf the result is not "false", this is a finding.
Fix
F-72495r1034631_fix
Configure the macOS system to disable Erase Content and Settings by installing the "com.apple.applicationaccess" configuration profile.