NIST Security Configuration Checklists Repository

Macintosh OS X Security Technical Implementation Guide

Name

Macintosh OS X Security Technical Implementation Guide, v1 Release 1

Version

v1 Release 1

Status

Final

Creation Date

Not available.

Revision Date

2004-06-15

Product Category

Operating system

Vendor

Apple Computer, Inc.

Product

Macintosh OS X

Product Version

10.2

Product Role

Desktop Client, Server

Checklist Summary

The Macintosh (Mac) OS X Security Technical Implementation Guide (STIG) provides the technical security policies and requirements for deploying a secure Information System (IS) running Macintosh OS X in a Department of Defense (DOD) network environment. The intent of this Macintosh OS X STIG is to address security considerations for adding an IS running Mac OS X to a DOD network with an acceptable level of risk. Most of the checks that are in this document are based on the UNIX side of the Macintosh OS. Some of these are carried over from the UNIX STIG and are designed to be a baseline for security. Included are several checks which are specific to the Mac OS X side of the environment. The checks include access control, network services, and trust relationships. This STIG is designed for the Mac OS X 10.2 workstation and Mac OS X 10.2 server. The use of the principles and guidelines in this STIG will provide an environment that meets or exceeds the security requirements of DOD systems operating at the MAC II Sensitive level, containing unclassified but sensitive information.

Known Issues

This Macintosh OS X STIG presents the known security configuration items, vulnerabilities, and issues required to be addressed by DoD policy. In addition to this STIG, compliance validation tools and checklists are available to .mil and .gov customers to assist in the efforts to implement the required configuration. It must be noted that the guidelines specified should be evaluated in a local, representative test environment before implementation within large user populations. The extensive variety of environments makes it impossible to test these guidelines for all potential software configurations. For some environments, failure to test before implementation will lead to a loss of required functionality. It is important to note that even though Mac OS X is based on BSD UNIX and all UNIX systems share common characteristics, they each implement features differently. They do not all implement the same features, and use different methods for implementing some of the same features. This document is limited to Mac OS X 10.2 systems, although additional system support will be included as necessary.

Target Audience

Developed for the DOD.
The requirements set forth in this document are designed to assist Information Systems Security Officers (IAOs) and System Administrators (SAs) in support of protecting DOD network infrastructures and resources. This document assumes that the reader has experience installing and administering the Macintosh operating system.

Target Operational Environment

Enterprise and Specialized Security-Limited Functionality.

Checklist Installation Tools

Not available.

Rollback Capability

Not available.

Testing Information

Not available.

NIAP/CMVP Status

Not available.

Regulatory Compliance

DOD Directive 8500.

Comments, Warnings, Disclaimer, Miscellaneous

Refer to Known Issues.

Disclaimer

Not available.

Product Support

It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.

Submitting Organization/Authors

Defense Information Systems Agency

Point of Contact

Not available.

Sponsor

Not available.

Licensing

Not available.

Checklist Homepage

http://iase.disa.mil/stigs/stig/index.html

Download Package

http://iase.disa.mil/stigs/stig/mac-stig-v1r1.pdf

Integrity

SHA1 Digest (mac-stig-v1r1.pdf) =
15562b837c613123c2a876e6867b81ef11517029

SHA256 Digest (mac-stig-v1r1.pdf) =
73d8c240063e51a97f84c8550502407cb0d0bff0292b5278ba6f2c0b785b7ff2

Change History

v1 Release 1: 2004-06-15

Dependency/Requirement

Not available.

References

Government Publications

Department of Defense (DOD) Directive 8500.1, “Information Assurance,” October 2002.

DOD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 2003.

Defense Information Systems Agency (DISA)/Chief Information Officer, Memorandum for Distribution, “DISA Standard Computer Configurations,” Version 1999-A, November 1998.

Defense Information Systems Agency Instruction (DISAI) 630-230-19, “Security Requirements for Automated Information Systems (AIS),” July 1996.

DISA/Defense Information Services Organization (DISO) Naming Convention Standards, March 1994.

National Security Agency (NSA), “Information Systems Security Products and Services Catalog” (Current Edition).

NSA, “Guide to Securing Microsoft Windows 2000 Active Directory,” Version 1.0, December 2000.

NSA, “Guide to Securing Microsoft Windows 2000 File and Disk Resources,” Version 1.0, 19 April 2001.

NSA, “Guide to Securing Microsoft Windows 2000 Group Policy: Security Configuration Tool Set,” Version 1.2, December 2002.

NSA, “Guide to Securing Microsoft Windows NT Networks,” Version 4.2, 18 September 2001.

Defense Logistics Agency Regulation (DLAR) 5200.17, “Security Requirements for Automated Information and Telecommunications Systems,” 9 October 1991.

Field Security Operations Publications

DISA Computing Services Security Handbook

Windows 2000 Addendum

Desktop Application STIG

Network Infrastructure STIG

General Information Sites

Apple.  This site contains all security-related documents for Mac OS X.  http://www.apple.com/

Australian Computer Emergency Response Team.  They maintain security “how to” documents.  http://www.auscert.org.au/

Defense Information Systems Agency (DISA) DOD-CERT (Department of Defense - Computer Emergency Response Team).  http://www.cert.mil/

CERT.  A focal point for the computer security concerns of Internet users.  http://www.cert.org/

The U.S. Department of Energy’s Computer Incident Advisory Capability.  http://www.ciac.llnl.gov/

COAST (Computer Operations, Audit, and Security Technology) focuses on real-world research needs.  http://www.cs.purdue.edu/

National Institute of Standards and Technology’s Computer Security Resource Clearinghouse.  http://www.csrc.nist.gov/

Defense Information Systems Agency (DISA) Home Page.  http://www.datahouse.disa.mil/

Macintosh and Unix guide for script writing.  http://www.macosxhints.com/

National Security Institute’s Security Resource Net Home Page.  http://www.nsi.org/

Vulnerability Compliance Tracking System (VCTS).  https://vms.disa.mil/

Vulnerability Compliance Tracking System (VCTS) (Secret and Confidential).  https://vms.disa.smil.mil/

NIST Identifier

1065

NIST and the checklist submitter do not guarantee or warrant the checklist's accuracy or completeness. NIST is not responsible for loss, damage, or problems that may be caused by using the checklist.

Last updated: September 18, 2005
Page created: October 28, 2004

Send comments or suggestions to checklists@nist.gov
NIST is an Agency of the U.S. Commerce Department's Technology Administration