Information
System Integrity Protection (SIP) must be enabled.
SIP is vital to protecting the integrity of the system as it prevents malicious users and software from making unauthorized and/or unintended modifications to protected files and folders; ensures the presence of an audit record generation capability for defined auditable events for all operating system components; protects audit tools from unauthorized access, modification, and deletion; restricts the root user account and limits the actions that the root user can perform on protected parts of the macOS; and prevents nonprivileged users from granting other users direct access to the contents of their home directories and folders.
Note: SIP is enabled by default in macOS.
Satisfies: SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000062-GPOS-00031,SRG-OS-000080-GPOS-00048,SRG-OS-000122-GPOS-00063,SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099,SRG-OS-000259-GPOS-00100,SRG-OS-000278-GPOS-00108,SRG-OS-000350-GPOS-00138
Solution
Configure the macOS system to enable "System Integrity Protection" by booting into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the following command:
/usr/bin/csrutil enable
Item Details
Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
References: 800-53|AC-3, 800-53|AU-6(4), 800-53|AU-7(1), 800-53|AU-7a., 800-53|AU-9, 800-53|AU-9(3), 800-53|AU-12a., 800-53|CM-5(6), CAT|I, CCI|CCI-000154, CCI|CCI-000158, CCI|CCI-000162, CCI|CCI-000163, CCI|CCI-000164, CCI|CCI-000169, CCI|CCI-000213, CCI|CCI-001493, CCI|CCI-001494, CCI|CCI-001495, CCI|CCI-001496, CCI|CCI-001499, CCI|CCI-001876, CCI|CCI-001878, Rule-ID|SV-259560r958428_rule, STIG-ID|APPL-14-005001, Vuln-ID|V-259560
Control ID: 17c8109d8e7ce26702c36655c34259804fdd9158f2d851a5e1d7698b67056509