Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
    
(OSX1026GEN0004:  CAT II) The SA will ensure user passwords are changed every 
90 days. 
    
(OSX1026GEN0020:  CAT II) The SA will ensure passwords are not reused within 10 
password changes. 
    
(OSX1026ADM0005:  CAT III) The SA will ensure application passwords are changed at 
least once a year and anytime an application administrator is reassigned.  This includes ftp 
account passwords for ftp accounts used by applications or users. 
    
(N/A:  CAT II) The IAO will ensure that, if a system cannot be configured to automatically 
enforce the above password directives, users are properly trained in password policy and 
proper password construction.   
NOTE: The training requirements will be a part of the standard operating procedure (SOP) 
documentation. 
    
(OSX1026GEN0019:  CAT II) The SA will ensure the root password is changed on the same 
90-day schedule as for users.  
    
(OSX1026ADM0006:  CAT III) The IAO will ensure the root password is changed whenever 
someone who knows the root password is reassigned. 
    
(OSX1026ADM0009:  CAT II) The IAO will be responsible for updating the documentation 
and storage of root passwords whenever the root password changes. 
    
(N/A:  CAT II) The IAO will limit the number of people who know the root password to 
security and administrative personnel. 
    
(N/A:  CAT II) The SA will assign the Open Firmware Application, system monitor (which 
can be used on Mac OS X Server), and other privileged user passwords, and they will be 
treated the same as root passwords. 
    
(OSX1026ADM0007:  CAT II)  The SA will ensure that the root account is disabled after the 
password is changed to meet the strong encryption requirements.   
NOTE:  This is done from the NetInfo Manager or from the command line.   
The Mac OS cannot be configured to automatically enforce the above password directives for 
local passwords; the IAO will ensure that users are properly trained in password policy and 
proper password construction.  However, this only pertains to the local accounts of the machines.  
If the machine connects to a Windows or Mac OS X server then the network password will 
conform to standards. 
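Because local accounts cannot enforce these directives automatically, an SA can track them outside the OS. The following is an added example, not part of the STIG: it applies the 90-day, one-year, and 10-change rules above to a constructed account inventory. The record layout, account names, dates, and the PBKDF2 history store are assumptions.

```python
import hashlib, hmac, os
from datetime import date

MAX_AGE_DAYS = {"user": 90, "root": 90, "application": 365}  # limits from the directives above
HISTORY_DEPTH = 10    # no reuse within 10 password changes
ROUNDS = 100_000      # PBKDF2 work factor (assumption, not from the STIG)

def hash_password(password, salt=None, rounds=ROUNDS):
    """Return (salt, digest) so the tracking record never holds a cleartext password."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def is_reused(candidate, history, rounds=ROUNDS):
    """True if candidate matches any of the last HISTORY_DEPTH stored passwords."""
    for salt, digest in history[:HISTORY_DEPTH]:
        if hmac.compare_digest(hash_password(candidate, salt, rounds)[1], digest):
            return True
    return False

def record_change(account, new_password, today, rounds=ROUNDS):
    """Reject a reused password; otherwise store its hash and reset the age clock."""
    if is_reused(new_password, account["history"], rounds):
        raise ValueError(f"{account['name']}: password reused within {HISTORY_DEPTH} changes")
    account["history"].insert(0, hash_password(new_password, rounds=rounds))
    del account["history"][HISTORY_DEPTH:]  # keep newest 10, current password included
    account["last_changed"] = today

def overdue(accounts, today):
    """Return (name, kind, days_over_limit) for every account past its change interval."""
    findings = []
    for acct in accounts:
        days_over = (today - acct["last_changed"]).days - MAX_AGE_DAYS[acct["kind"]]
        if days_over > 0:
            findings.append((acct["name"], acct["kind"], days_over))
    return findings

# Constructed sample inventory (hypothetical account names and dates).
AUDIT_DATE = date(2004, 6, 15)
SAMPLE_ACCOUNTS = [
    {"name": "jsmith", "kind": "user", "last_changed": date(2004, 2, 1), "history": []},
    {"name": "root", "kind": "root", "last_changed": date(2004, 4, 1), "history": []},
    {"name": "ftp_app", "kind": "application", "last_changed": date(2003, 5, 1), "history": []},
]

if __name__ == "__main__":
    for name, kind, days in overdue(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print(f"{name} ({kind}): password change overdue by {days} days")
```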
3.2.2 Keychains 
Another security-related item of interest is the Keychain feature of the Mac and its 
applications.  Keychains can be saved and transferred from machine to machine for easy access 
UNCLASSIFIED 




  
