The macOS system must be integrated into a directory services infrastructure.

STIG ID: APPL-13-000016 | SRG: SRG-OS-000480-GPOS-00227 | Severity: high | CCI: CCI-000366 | Vulnerability Id: V-257153

Vulnerability Discussion

Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory services infrastructure solutions allow centralized management of users and passwords.

Check

If the macOS system is using a mandatory Smart Card Policy, this requirement is not applicable.

Verify the macOS system is configured to integrate into a directory service with the following command:

/usr/bin/dscl localhost -list . | /usr/bin/grep "Active Directory"

If no results are returned, this is a finding.
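
The check above, wrapped as a script that reports one of its three possible outcomes. This is an added example, not part of the STIG text. The function names, result strings and sample node lists are assumptions made for illustration, and whether a mandatory Smart Card Policy applies is supplied by the assessor as an argument.

```shell
#!/bin/sh
# Added example: evaluates the directory-services check and prints
# NOT_APPLICABLE, NOT_A_FINDING or FINDING.

# Constructed sample node lists (not captured from a real system), so the
# classifier can be exercised without a Mac.
BOUND_SAMPLE="Active Directory
Contact
Local
Search"
UNBOUND_SAMPLE="Contact
Local
Search"

# classify_nodes SMARTCARD
#   stdin:     output of `/usr/bin/dscl localhost -list .`
#   SMARTCARD: "yes" if a mandatory Smart Card Policy is in force
#              (assessor-supplied; this script does not detect it).
classify_nodes() {
    if [ "$1" = "yes" ]; then
        cat >/dev/null              # drain stdin; the result does not depend on it
        echo "NOT_APPLICABLE"
        return 0
    fi
    # Same match the check uses. Empty input (including a failed dscl call)
    # counts as "no results returned", which is a finding.
    if grep -q "Active Directory"; then
        echo "NOT_A_FINDING"
    else
        echo "FINDING"
    fi
}

# run_check [SMARTCARD]: run the check command on a live macOS system.
run_check() {
    if [ ! -x /usr/bin/dscl ]; then
        echo "ERROR: /usr/bin/dscl not found (not a macOS system?)" >&2
        return 2
    fi
    /usr/bin/dscl localhost -list . | classify_nodes "${1:-no}"
}

# Usage on a Mac: sh this_script.sh --live [yes|no]
if [ "${1:-}" = "--live" ]; then
    run_check "${2:-no}"
fi
```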

Fix

Configure the macOS system to integrate into an existing directory services infrastructure.