STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Apple macOS 12 (Monterey) Security Technical Implementation Guide

V-252536

CAT II (Medium)

The macOS Application Firewall must be enabled.

Rule ID

SV-252536r991593_rule

STIG

Apple macOS 12 (Monterey) Security Technical Implementation Guide

Version

V1R9

CCIs

CCI-000366

Discussion

Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

Check Content

Verify that the built-in firewall is enabled:

# /usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep 'EnableFirewall\|EnableStealthMode' 
 
If the return is not "EnableFirewall = 1;" and "EnableStealthMode = 1;" this is a finding.

If the built-in firewall is not enabled, ask the System Administrator if another application firewall is installed and enabled.  
 
If no application firewall is installed and enabled, this is a finding.

Fix Text

This setting is enforced using the "Restrictions Policy" configuration profile.