The macOS system must disable Bonjour multicast.

STIG ID: APPL-14-002005  |  SRG: SRG-OS-000095-GPOS-00049 | Severity: medium |  CCI: CCI-000381

Vulnerability Discussion

Bonjour multicast advertising must be disabled to prevent the system from
broadcasting its presence and available services over network interfaces.

Check

Verify the macOS system is configured to disable Bonjour multicast with the following
command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.mDNSResponder')\
.objectForKey('NoMulticastAdvertisements').js
EOS

If the result is not "true", this is a finding.

Fix

Configure the macOS system to disable Bonjour multicast by installing
the "com.apple.mDNSResponder" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.