APPL-11-002017 - The macOS system must cover or disable the built-in or attached camera when not in use.

Information

It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.

Failing to disconnect from collaborative computing devices (i.e., cameras) can result in subsequent compromises of organizational information. Providing easy methods to physically disconnect from such devices after a collaborative computing session helps to ensure that participants actually carry out the disconnect activity without having to go through complex and tedious procedures.

Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000370-GPOS-00155

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

This setting is enforced using the 'Restrictions Policy' configuration profile.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_11_V1R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7a., 800-53|SC-15(1), 800-53|SC-15a., CAT|II, CCI|CCI-000381, CCI|CCI-001150, CCI|CCI-001153, Rule-ID|SV-230802r599842_rule, STIG-ID|APPL-11-002017, Vuln-ID|V-230802

Plugin: Unix

Control ID: 5757d5034eb21fe9d801a6b441145197db99021af4093dd7cf43ad5551fb4812