Big Sur - Secure Name Address Resolution Service

Information

The information system requests and performs data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.

NOTE: macOS supports encrypted DNS settings with the com.apple.dnsSettings.managed payload, however, the system must be integrated with a DNS server that supports encrypted DNS. link:https://developer.apple.com/documentation/devicemanagement/dnssettings[]

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-21, CCE|CCE-85372-1, CCI|CCI-002465, CCI|CCI-002466, CCI|CCI-002467, CCI|CCI-002468

Plugin: Unix

Control ID: c2ab7157752e3cad3ba52fd1f09e54e42f1b9b0c10ee5e6be3c84c1e8a0423da