Catalina - Configure Gatekeeper to Disallow End User Override

Information

Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings.

If users are allowed to disable Gatekeeper or set it to a less restrictive setting, malware could be introduced into the system.

Solution

To implement the prescribed state with a Configuration Profile, create a configuration profile (com.apple.systempolicy.managed) with the following key DisableOverride set to true
[source,xml]
----
<key>DisableOverride</key>
<true/>
----
NOTE - This will apply to the whole system

mobileconfig profile info:

com.apple.systempolicy.managed:
DisableOverride:
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-5, 800-53|CM-6b., 800-53|SI-7(15), CCE|CCE-84835-8, CCI|CCI-000366, STIG-ID|AOSX-15-002061

Plugin: Unix

Control ID: bc480e7f5b01f12f48faa397ab807b2352e3f4d621edf59be3ac051eb29e0572