This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

The macOS system must enable SSH server for remote access sessions.

STIG ID: APPL-14-000080 | SRG: SRG-OS-000080-GPOS-00048 | Severity: medium (CAT II) | CCI: CCI-000213, CCI-001942, CCI-002420, CCI-002422 | Vulnerability Id: V-259442

Vulnerability Discussion

Remote access sessions must use encrypted methods to prevent unauthorized individuals from gaining access.

Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000113-GPOS-00058, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190

Check

Verify the macOS system is configured to enable SSH server for remote access sessions with the following command:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => enabled'

If the result is not "1", this is a finding.
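
The check above written as an audit function. This is an added example, not part of the STIG. It reports why the count is not "1": an explicit disabled override, no entry for the label, or an unexpected value. The helper names sshd_state and audit_sshd and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): classify the com.openssh.sshd entry in
# `launchctl print-disabled system` output for check APPL-14-000080.

# Constructed sample in the output format the page's grep pattern expects.
SAMPLE_OUTPUT='disabled services = {
    "com.apple.ftpd" => disabled
    "com.openssh.sshd" => enabled
    "com.apple.smbd" => disabled
}'

# sshd_state (hypothetical helper): reads print-disabled output on stdin and
# prints one of: enabled, disabled, absent, ambiguous, unknown.
sshd_state() {
    awk -F' => ' '
        index($1, "\"com.openssh.sshd\"") { n++; state = $2 }
        END {
            gsub(/[ \t\r]+/, "", state)
            if (n == 0) print "absent"          # no override entry at all
            else if (n > 1) print "ambiguous"   # label listed more than once
            else if (state == "enabled" || state == "disabled") print state
            else print "unknown"                # value in some other format
        }'
}

# audit_sshd (hypothetical helper): prints the result and returns 0 only
# when the single entry for the label reads "enabled".
audit_sshd() {
    state=$(sshd_state)
    if [ "$state" = "enabled" ]; then
        echo "APPL-14-000080: not a finding (com.openssh.sshd enabled)"
        return 0
    fi
    echo "APPL-14-000080: finding (com.openssh.sshd $state)"
    return 1
}

# Demo on the constructed sample. On a Mac, pipe the real output instead:
#   /bin/launchctl print-disabled system | audit_sshd
printf '%s\n' "$SAMPLE_OUTPUT" | audit_sshd
```

The non-zero return on a finding lets a compliance job fail on the exit status instead of parsing the message.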

Fix

Configure the macOS system to enable SSH server for remote access sessions with the following command:

/bin/launchctl enable system/com.openssh.sshd