The macOS system must be integrated into a directory services infrastructure.

STIG ID: APPL-14-000016  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-259427 | 

Vulnerability Discussion

A directory service infrastructure enables centralized user and rights management, as well as centralized control over computer and user configurations. Integrating the macOS systems used throughout an organization into a directory services infrastructure ensures more administrator oversight and security than allowing distinct user account databases to exist on each separate system.

Check

Verify the macOS system is configured to integrate into a directory service with the following command:

/usr/bin/dscl localhost -list . \| /usr/bin/grep -qvE '(Contact\|Search\|Local\|^$)'; /bin/echo $?

If the result is not "0", this is a finding.

Fix

Configure the macOS system to integrate into an existing directory services infrastructure.