CCE-50394-6Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-04-23 (M)2024-04-23 |
Smart card authentication must be allowed. The use of smart card credentials facilitates standardization and reduces the risk of unauthorized access. When enabled, the smart card can be used for logon, authorization, and screen saver unlocking.
Audit:
Verify the macOS system is configured to allow smart card authentication with the following command:
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.smartcard')\
.objectForKey('allowSmartCard').js
EOS
If the result is not "true", this is a finding.
Remediation:
Configure the macOS system to enforce multifactor authentication by installing the "com.apple.security.smartcard" configuration profile with 'allowSmartCard' key set to true
Parameter:
[Yes/No]
Technical Mechanism:
Configure the macOS system to enforce multifactor authentication by installing the "com.apple.security.smartcard" configuration profile with 'allowSmartCard' key set to true
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.4 | Attack Vector: LOCAL |
Exploit Score: 1.4 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:99393 |