STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Apple macOS 15 (Sequoia) Security Technical Implementation Guide

V-268569

CAT II (Medium)

The macOS system must enforce enrollment in Mobile Device Management (MDM).

Rule ID

SV-268569r1034647_rule

STIG

Apple macOS 15 (Sequoia) Security Technical Implementation Guide

Version

V1R7

CCIs

CCI-000366

Discussion

Users must enroll their Mac in MDM software. User Approved MDM (UAMDM) enrollment or enrollment via Apple Business Manager (ABM)/Apple School Manager (ASM) is required to manage certain security settings. Currently, these include: * Allowed Kernel Extensions. * Allowed Approved System Extensions. * Privacy Preferences Policy Control Payload. * ExtensibleSingleSignOn. * FDEFileVault. * Activation Lock Bypass. * Access to Bootstrap Tokens. * Scheduling Software Updates. * Query list and delete local users.

Check Content

Verify the macOS system is configured to enforce enrollment in mobile device management with the following command:

/usr/bin/profiles status -type enrollment | /usr/bin/awk -F: '/MDM enrollment/ {print $2}' | /usr/bin/grep -c "Yes (User Approved)"

If the result is not "1", this is a finding.

Fix Text

Configure the macOS system by ensuring that the system is enrolled via UAMDM.