The macOS system must authorize USB devices before allowing connection.

STIG ID: APPL-14-005090  |  SRG: SRG-OS-000378-GPOS-00163 | Severity: medium |  CCI: CCI-001958

Vulnerability Discussion

USB devices connected to a Mac must be authorized.

[IMPORTANT]
====
This feature is removed if a smart card is paired or smart card attribute mapping is configured.
====

Check

Verify the macOS system is configured to authorize USB devices before allowing connection with the following command:

/usr/bin/osascript -l JavaScript << EOS
function run() {
let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowUSBRestrictedMode'))
if ( pref1 == false ) {
return("false")
} else {
return("true")
}
}
EOS

If the result is not "true", this is a finding.

Fix

Configure the macOS system to authorize USB devices before allowing connection by installing the "com.apple.applicationaccess" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.