Big Sur - Must authenticate peripherals before establishing a connection

Information

Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device. Information systems typically use either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., IEEE 802.1x and Extensible Authentication Protocol [EAP], RADIUS server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify/authenticate devices on local and/or wide area networks. Organizations determine the required strength of authentication mechanisms by the security categories of information systems. Because of the challenges of applying this control on a large scale, organizations are encouraged to apply the control only to the limited number (and type) of devices that truly need to support this capability.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and can be fixed by implementing a third-party solution.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-3, CCE|CCE-85297-0, CCI|CCI-001958

Plugin: Unix

Control ID: ebbde3a763fbf752483815b29e11c4f0b780a54db5d7507a1b10a64a9c7bf786