Details

Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit.

Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication.

Satisfies: SRG-OS-000299-GPOS-00117, SRG-OS-000300-GPOS-00118, SRG-OS-000379-GPOS-00164

Solution

To disable the Wi-Fi network device, run the following command:

/usr/bin/sudo /usr/sbin/networksetup -setnetworkserviceenabled ‘Wi-Fi’ off

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_OS_X_10-15_V1R7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Identification and Authentication.This control applies to the following type of system Unix.

References

• 800-53|AC-18(1)
• 800-53|IA-3(1)
• CAT|II
• CCI|CCI-001443
• CCI|CCI-001444
• CCI|CCI-001967
• Rule-ID|SV-225125r610901_rule
• STIG-ID|AOSX-15-000008
• STIG-Legacy|SV-111627
• STIG-Legacy|V-102665
• Vuln-ID|V-225125

Source

• Tenable.com/audits