Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
TABLE OF CONTENTS
1. INTRODUCTION
1.1 Background
1.2 Authority
1.3 Scope
1.4 Writing Conventions
1.5 STIG Distribution
1.6 Document Revisions
2. INTEGRITY
2.1 Hardware Integrity
2.1.1 System Equipment
2.2 Software Integrity
2.2.1 Free and Open Source Operating System Software
2.3 Data Integrity
2.3.1 File Integrity
2.3.2 Availability and File Location
2.4 Patch Control
2.4.1 DOD Patch Repository
3. DISCRETIONARY ACCESS CONTROL
3.1 User Account Controls
3.1.1 Interactive Users
3.1.2 Logon Warning Banner
3.1.3 Account Access
3.1.4 Inactivity Timeout
3.2 Password Controls
3.2.1 Password Guidelines
3.2.2 Keychains
3.3 Special Privilege Access
3.3.1 Root Account
3.3.2 Groups
3.4 Resource Controls
3.4.1 File and Directory Controls
3.4.1.1 Home Directories
3.4.1.2 Startup Files
3.4.2 Device Files
3.5 Special Purpose Access Modes
3.5.1 Set User ID (suid)
3.5.2 Set Group ID (sgid)
3.5.3 Sticky Bit
3.6 Umask
3.7 Development Systems
3.8 Default Accounts
3.9 Audit Requirements
3.10 Cron Access
3.10.1 Access Controls
UNCLASSIFIED