Monterey - Disable Remote Apple Events

Information

If the system does not require Remote Apple Events, support for Apple Remote Events is non-essential and _MUST_ be disabled.

The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.

Solution

[source,bash]
----
/usr/sbin/systemsetup -setremoteappleevents off
/bin/launchctl disable system/com.apple.AEServer
----
NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires UAMDM.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-3, 800-53|AC-17, 800-53|CM-7b., CCE|CCE-91070-3, CCI|CCI-000382

Plugin: Unix

Control ID: 8c8c850e05cec8bc32671c9772a2abe71c84f6f96add2adeefd57afed453ce6b