The macOS system must disable Bonjour multicast.

STIG ID: APPL-14-002005  |  SRG: SRG-OS-000095-GPOS-00049 | Severity: medium |  CCI: CCI-000381

Vulnerability Discussion

Bonjour multicast advertising must be disabled to prevent the system from broadcasting its presence and available services over network interfaces.

Check

Verify the macOS system is configured to disable Bonjour multicast with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.mDNSResponder')\
.objectForKey('NoMulticastAdvertisements').js
EOS

If the result is not "true", this is a finding.

Fix

Configure the macOS system to disable Bonjour multicast by installing the "com.apple.mDNSResponder" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.