The macOS system must prevent AdminHostInfo from being available at LoginWindow.

STIG ID: APPL-14-000009  |  SRG: SRG-OS-000029-GPOS-00010 | Severity: medium |  CCI: CCI-000057

Vulnerability Discussion

The system must be configured to not display sensitive information at the LoginWindow. The key AdminHostInfo when configured will allow the HostName, IP Address, and operating system version and build to be displayed.

Check

Verify the macOS system is configured to prevent AdminHostInfo from being available at LoginWindow with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.objectIsForcedForKey('AdminHostInfo')
EOS

If the result is not "false", this is a finding.

Fix

Configure the macOS system to prevent AdminHostInfo from being available at LoginWindow by installing the "com.apple.loginwindow" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.