Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software

Information

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations.Some programs and processes are required to operate at a higher privilege level and therefore should be excluded from the organization-defined software list after review.

The inherent configuration of the macOS does not allow for non-privileged users to be able to execute functions requiring privilege.

link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Permissions/Permissions.html[]

Solution

The technology inherently meets this requirement. No fix is required.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(8), CCE|CCE-84862-2, CCI|CCI-002233

Plugin: Unix

Control ID: 4620d1228f965bf505cbd97f754062943d2e225187a5eced2e78fa84fd2ff35b