The macOS system must disable Screen Sharing and Apple Remote Desktop.

STIG ID: APPL-26-002050  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium (CAT II)  |  CCI: CCI-000213 |  Vulnerability Id: V-277114

Vulnerability Discussion

Support for both Screen Sharing and Apple Remote Desktop is nonessential and must be disabled.

The information system must be configured to provide only essential capabilities. Disabling Screen Sharing and Apple Remote Desktop helps prevent unauthorized connection of devices, transfer of information, and tunneling.

Check

Verify the macOS system is configured to disable Screen Sharing and Apple Remote Desktop with the following command:

result="FAIL"
enabled=$(/bin/launchctl print-disabled system | /usr/bin/grep '"com.apple.screensharing" => enabled')
running=$(/bin/launchctl print system/com.apple.screensharing 2>/dev/null)

if [[ -z "$running" ]] && [[ -z "$enabled" ]]; then
result="PASS"
elif [[ -n "$running" ]]; then
result=result+" RUNNING"
elif [[ -n "$enabled" ]]; then
result=result+" ENABLED"
fi
echo $result

If the result is not "PASS", this is a finding.

Fix

Configure the macOS system to disable Screen Sharing and Apple Remote Desktop with the following command:

/bin/launchctl bootout system/com.apple.screensharing
/bin/launchctl disable system/com.apple.screensharing

Note: This will apply to the whole system.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.