The macOS system must enable Authenticated Root.

STIG ID: APPL-15-005070  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium |  CCI: CCI-000213 |  Vulnerability Id: V-268565

Vulnerability Discussion

Authenticated Root must be enabled.

When Authenticated Root is enabled, the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume.

NOTE: Authenticated Root is enabled by default on macOS systems.

WARNING: If more than one partition with macOS is detected, the csrutil command will hang awaiting input.

Check

Verify the macOS system is configured to enable authenticated root with the following command:

/usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "AuthenticatedRootVolumeEnabled = 1;"

If the result is not "1", this is a finding.

Fix

Configure the macOS system to enable authenticated root with the following command:

/usr/bin/csrutil authenticated-root enable

NOTE: To reenable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.