2.3.3 Ensure Gatekeeper Is Enabled

Information

Gatekeeper is Apple's application that uses allowlisting to restrict downloaded applications from launching. It acts as a control that keeps applications from unverified sources from running without authorization. Since an update in macOS 13 Ventura, Gatekeeper checks every application on every launch, not just quarantined apps.

Disallowing unsigned software reduces the risk of unauthorized or malicious applications running on the system.

Solution

Run the following command to enable Gatekeeper so that it allows applications from the App Store and identified developers:

% /usr/bin/sudo /usr/sbin/spctl --global-enable
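
A check-then-remediate wrapper around the command above, as an added example that is not part of the benchmark text. It assumes `/usr/sbin/spctl --status` reports `assessments enabled` or `assessments disabled`; the function names and the `--remediate` argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit Gatekeeper state and enable it only when needed.

# Classify the text printed by `spctl --status`.
# Prints: enabled | disabled | unknown
classify_spctl_status() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;   # empty or unexpected output
    esac
}

# Returns 0 = compliant, 1 = non-compliant, 2 = state could not be determined.
audit_and_fix() {
    if [ ! -x /usr/sbin/spctl ]; then
        echo "ERROR: /usr/sbin/spctl not found (not a macOS host?)" >&2
        return 2
    fi
    state=$(classify_spctl_status "$(/usr/sbin/spctl --status 2>&1)")
    case "$state" in
        enabled)
            echo "PASS: Gatekeeper is enabled" ;;
        disabled)
            echo "FAIL: Gatekeeper is disabled; enabling"
            /usr/bin/sudo /usr/sbin/spctl --global-enable || return 1
            # Re-read the status instead of trusting the exit code alone.
            state=$(classify_spctl_status "$(/usr/sbin/spctl --status 2>&1)")
            if [ "$state" != enabled ]; then
                echo "FAIL: Gatekeeper still not enabled" >&2
                return 1
            fi
            echo "PASS: Gatekeeper enabled after remediation" ;;
        *)
            echo "ERROR: unrecognized spctl --status output" >&2
            return 2 ;;
    esac
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--remediate" ]; then
    audit_and_fix
fi
```

Treating unrecognized output as a separate result keeps a missing or changed `spctl` from being reported as either a pass or a fail.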

See Also

https://workbench.cisecurity.org/benchmarks/18639

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, 800-53|SI-16, CSCv7|8.2, CSCv7|8.4

Plugin: Unix

Control ID: f6e411b007fb59c7019659c49bd9740e4ade57ed3a975dd29b6dda7684e2580e