The macOS system must disable Siri Setup during Setup Assistant.

STIG ID: APPL-14-002039  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-259500

Vulnerability Discussion

The prompt for Siri during Setup Assistant must be disabled.

Organizations must apply organizationwide configuration settings. The macOS Siri Assistant Setup prompt
guides new users through enabling their own specific Siri settings; this is not essential and,
therefore, must be disabled to prevent against the risk of individuals electing Siri settings with the
potential to override organizationwide settings.

Check

Verify the macOS system is configured to disable Siri Setup during Setup Assistant with
the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.SetupAssistant.managed')\
.objectForKey('SkipSiriSetup').js
EOS

If the result is not "true", this is a finding.

Fix

Configure the macOS system to disable Siri Setup during Setup Assistant
by installing the "com.apple.SetupAssistant.managed" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.