The macOS system must authorize USB devices before allowing connection.

STIG ID: APPL-14-005090  |  SRG: SRG-OS-000378-GPOS-00163 |  Severity: medium |  CCI: CCI-001958,CCI-003959 |  Vulnerability Id: V-259572 | 

Vulnerability Discussion

USB devices connected to a Mac must be authorized.

[IMPORTANT]
====
This feature is removed if a smart card is paired or smart card attribute mapping is configured.
====

Check

Verify the macOS system is configured to authorize USB devices before allowing connection with the following command:

/usr/bin/osascript -l JavaScript << EOS
function run() {
let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowUSBRestrictedMode'))
if ( pref1 == false ) {
return("false")
} else {
return("true")
}
}
EOS

If the result is not "true", this is a finding.

Fix

Configure the macOS system to authorize USB devices before allowing connection by installing the "com.apple.applicationaccess" configuration profile.