Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
    
 (OSX1026SVR0007:   CAT II) The SA will ensure that an account will be locked after 35 
days of account inactivity.    
    
(OSX1026SVR0008:   CAT II) The SA will ensure that an account will be disabled after 35 
days of inactivity.  Account information, files, etc., will be retained for one year, if deemed 
necessary.  The owner of the files will be changed to root, in the interim, and the IAO and SA 
will ensure none of the Mac OS X server files violates the requirements for files owned by 
root.   
3.1.1  Interactive Users 
8500.2 security requires all users to accomplish identification and authentication (I&A) to a 
computing system with a minimum of a legitimate, authenticated account name and password 
pair before access to computing resources is granted.  The IAO controls access to Mac OS X 
resources by authorizing functionality to accounts as documented on proper documentation 
received from the prospective user's supervisor.  For DOD personnel, that documentation will be 
a DD Form 2875 or an equivalent form.  The IAO will direct the SA to assign unprivileged users 
a uid greater than 20 (unprivileged user uids generally begin with 1000), and a primary GID 
greater than 19 (unprivileged user GIDs usually start at 100).  Users may be assigned to more 
than one group, as necessary.  Systems usually reserve the first 30 uids and gids for system use. 
    
(OSX1026GEN008:  CAT III) The SA will ensure each user is assigned a unique account 
name. 
    
(OSX1026GEN0009:  CAT II) The SA will ensure each user is assigned a unique uid. 
    
(OSX1026ADM0005:  CAT II) The IAO will ensure all user access rights are documented   
on DD Form 2875 or an equivalent form. 
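
The checks in section 3.1.1 can be audited mechanically. The following is an added example, not part of the STIG: it assumes account records are available in seven-field passwd format (name:password:uid:gid:gecos:home:shell) and treats any non-root account whose login shell does not end in false or nologin as an interactive unprivileged user. The function names, the finding labels and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format account records for the conditions in section 3.1.1:
# unique account name, unique uid, uid > 20 and primary GID > 19.

# Constructed sample records, not taken from any real system.
sample_accounts() {
cat <<'EOF'
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
alice:*:1001:100:Alice Example:/Users/alice:/bin/bash
bob:*:1002:100:Bob Example:/Users/bob:/bin/bash
carol:*:1002:100:Carol Example:/Users/carol:/bin/tcsh
alice:*:1003:100:Second Alice:/Users/alice2:/bin/bash
dave:*:15:10:Dave Example:/Users/dave:/bin/bash
EOF
}

# Reads records on stdin and prints one finding per line, sorted.
# No output means no findings.
audit_accounts() {
  awk -F: '
    /^#/ || NF < 7 { next }          # skip comments and malformed records
    {
      names[$1]++
      uidcount[$3]++
      uidnames[$3] = (uidcount[$3] > 1 ? uidnames[$3] "," : "") $1
      # Assumption: interactive unprivileged account = non-root uid
      # with a login shell other than false or nologin.
      if ($3 != 0 && $7 !~ /(false|nologin)$/) {
        if ($3 + 0 <= 20) print "LOW_UID " $1 " uid=" $3
        if ($4 + 0 <= 19) print "LOW_GID " $1 " gid=" $4
      }
    }
    END {
      for (n in names)
        if (names[n] > 1) print "DUP_NAME " n " count=" names[n]
      for (u in uidcount)
        if (uidcount[u] > 1) print "DUP_UID " u " accounts=" uidnames[u]
    }
  ' | LC_ALL=C sort
}

# Stand-alone run against the constructed sample.
sample_accounts | audit_accounts
```

Against the sample, the audit reports the reused name alice, the uid shared by bob and carol, and the low uid and GID assigned to dave; the root and daemon records are skipped by the interactive-account assumption.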
3.1.2  Logon Warning Banner 
Recent criminal court cases involving unauthorized access to official Government computer 
systems have prompted the need for a logon warning banner to be presented to anyone accessing a 
Government computer system.  Refer to 3.1.2.1  Logon Warning Banner Implementation.  The 
following points must be made in the banner:  1) The system is a DOD system.  2) The system is 
subject to monitoring.  3) Monitoring is authorized in accordance with applicable laws and 
regulations and conducted for purposes of systems management and protection, protection 
against improper or unauthorized use or access, and verification of applicable security features or 
procedures.  4) Use of the system constitutes consent to monitoring.  5) The system is for 
authorized US government use only.   
    
(OSX1026GEN0010:  CAT II) The SA will ensure a logon warning banner is displayed on all 
devices that allow application or command level access. 
    
(OSX1026GEN0010:  CAT II) The SA will ensure a logon warning banner is displayed 
before the actual logon attempt is made. 
UNCLASSIFIED 




  
