2.5.2.1 Ensure Gatekeeper is Enabled

Information

Gatekeeper is Apple's application white-listing control that restricts downloaded applications from launching. It acts as a control that stops applications from unverified sources from running without authorization.

Rationale:

Disallowing unsigned software reduces the risk of unauthorized or malicious applications running on the system.

Solution

Perform the following to enable Gatekeeper:
Graphical Method:

Open System Preferences

Select Security & Privacy

Select General

Set "Allow apps downloaded from" to "App Store and identified developers"

Terminal Method:
Run the following command to enable Gatekeeper to allow applications from App Store and identified developers:

$ sudo /usr/sbin/spctl --master-enable

Profile Method:

Create or edit a configuration profile with the PayloadType of com.apple.systempolicy.control

Add the key AllowIdentifiedDevelopers

Set the key to <true/>

Add the key EnableAssessment

Set the key to <true/>
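
The following is an added example, not part of the benchmark text: a Python check that an unsigned XML configuration profile carries the com.apple.systempolicy.control payload with both keys set to true, which is useful before pushing the profile through an MDM. The sample profile, its identifiers and UUIDs, and the function name check_gatekeeper_profile are constructed for illustration.

```python
import plistlib

GATEKEEPER_PAYLOAD_TYPE = "com.apple.systempolicy.control"
REQUIRED_TRUE_KEYS = ("AllowIdentifiedDevelopers", "EnableAssessment")

# Constructed sample (unsigned XML); identifiers and UUIDs are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.gatekeeper</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.systempolicy.control</string>
      <key>PayloadIdentifier</key><string>com.example.gatekeeper.policy</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>AllowIdentifiedDevelopers</key><true/>
      <key>EnableAssessment</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""


def check_gatekeeper_profile(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means the profile matches."""
    profile = plistlib.loads(data)  # raises on signed (CMS) or malformed input
    payloads = [
        p for p in profile.get("PayloadContent", [])
        if isinstance(p, dict) and p.get("PayloadType") == GATEKEEPER_PAYLOAD_TYPE
    ]
    if not payloads:
        return [f"no {GATEKEEPER_PAYLOAD_TYPE} payload found"]
    findings = []
    for index, payload in enumerate(payloads):
        for key in REQUIRED_TRUE_KEYS:
            # Require a real boolean true; a missing key or the string "true" fails.
            if payload.get(key) is not True:
                findings.append(f"payload {index}: {key} is {payload.get(key)!r}")
    return findings


if __name__ == "__main__":
    print(check_gatekeeper_profile(SAMPLE_PROFILE) or "compliant")
```

A signed .mobileconfig is CMS-wrapped and must be unwrapped before this check can parse it.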

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, 800-53|SI-16, CSCv7|8.2, CSCv7|8.4

Plugin: Unix

Control ID: b54dcd899c6e43ebc1f43144be3d2a4d84fdb001612602a02909a6e707d74728