APPL-14-002022 - The macOS system must disable Remote Apple Events.

Information

If the system does not require Remote Apple Events, support for Apple Remote Events is nonessential and must be disabled.

The information system must be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.

Satisfies: SRG-OS-000080-GPOS-00048,SRG-OS-000096-GPOS-00050

Solution

Configure the macOS system to disable Remote Apple Events with the following commands:

/usr/sbin/systemsetup -setremoteappleevents off
/bin/launchctl disable system/com.apple.AEServer

Note: Systemsetup with -setremoteappleevents flag will fail unless Full Disk Access to systemsetup or its parent process is granted. This requires supervision.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_14_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-3, 800-53|CM-7b., CAT|II, CCI|CCI-000213, CCI|CCI-000382, Rule-ID|SV-259495r958472_rule, STIG-ID|APPL-14-002022, Vuln-ID|V-259495

Plugin: Unix

Control ID: c55d4a2068c88fc959ae1f8d0d874b52104c53585c8d956970c1af04f6cac8a1