Catalina - Enforce Approved Authorization for Logical Access

Information

The information system _IS_ configured to enforce an approved authorization process before granting users logical access.

The inherent configuration of the macOS does not grant users logical access without authorization. Authorization is achieved on the macOS through permissions, which are controlled at many levels, from the Mach and BSD components of the kernel, through higher levels of the operating system and, for networked applications, through the networking protocols. Permissions can be granted at the level of directories, subdirectories, files or applications, or specific data within files or functions within applications.

link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Permissions/Permissions.html[]

Solution

The technology inherently meets this requirement. No fix is required.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CCE|CCE-84857-2, CCI|CCI-000213

Plugin: Unix

Control ID: f97a601bf9d85ff84fa9256e2b505c1df788796843bf7c3d544261775b363c45