Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system.
Accordingly, software defined by the organization as critical must be signed with a certificate that is recognized and approved by the organization.
Check
Verify the macOS system is configured with the security assessment policy subsystem enabled with the following command:
/usr/sbin/spctl --status
assessments enabled
If "assessments enabled" is not returned, this is a finding.
Fix
Configure the macOS system to enable the security assessment policy subsystem by installing the "Custom Policy" configuration profile.