Big Sur - Configure Gatekeeper to Disallow End User Override

Information

Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings.

If users are allowed to disable Gatekeeper or set it to a less restrictive setting, malware could be introduced into the system.

Solution

To implement the prescribed state with a Configuration Profile, create a configuration profile (com.apple.systempolicy.managed) with the following key DisableOverride set to true
[source,xml]
----
<key>DisableOverride</key>
<true/>
----
NOTE - This will apply to the whole system

mobileconfig profile info:

com.apple.systempolicy.managed:
DisableOverride:
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-5, 800-53|SI-7(15), CCE|CCE-85430-7

Plugin: Unix

Control ID: f7e04547f69fa5975632c4b0eef287988e5f379f06fb641df9c4dea725838eff