Monterey - Configure Gatekeeper to Disallow End User Override

Information

Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings.

If users are allowed to disable Gatekeeper or set it to a less restrictive setting, malware could be introduced into the system.

Solution

To implement the prescribed state with a Configuration Profile, create a configuration profile (com.apple.systempolicy.managed) with the following key DisableOverride set to true
[source,xml]
----
<key>DisableOverride</key>
<true/>
----
NOTE - This will apply to the whole system

mobileconfig profile info:

com.apple.systempolicy.managed:
DisableOverride:
True

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-5, 800-53|CM-6b., 800-53|SI-7(15), CCE|CCE-91058-8, CCI|CCI-000366

Plugin: Unix

Control ID: 4d20062c31969caa7b5a409e4c76a19f4e8c4febcc5963d2cb31e53eb8e33784