← Back to Apple macOS 12 (Monterey) Security Technical Implementation Guide

V-252447

CAT I (High)

The macOS system must be integrated into a directory services infrastructure.

Rule ID

SV-252447r991589_rule

STIG

Apple macOS 12 (Monterey) Security Technical Implementation Guide

Version

V1R9

CCIs

CCI-000366

Discussion

Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords.

Check Content

If the system is using a mandatory Smart Card Policy, this is Not Applicable. 

To determine if the system is integrated to a directory service, run the following command:

/usr/bin/dscl localhost -list . | /usr/bin/grep "Active Directory"

If no results are returned, this is a finding.

Fix Text

Integrate the system into an existing directory services infrastructure.