Details
Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings.
If users are allowed to disable Gatekeeper or set it to a less restrictive setting, malware could be introduced into the system.
Solution
To implement the prescribed state with a Configuration Profile, create a configuration profile (com.apple.systempolicy.managed) with the following key DisableOverride set to true
[source,xml]
—-
NOTE – This will apply to the whole system
mobileconfig profile info:
com.apple.systempolicy.managed:
DisableOverride:
True
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, System and Information Integrity.This control applies to the following type of system Unix.
References
- 800-53|CM-5
- 800-53|SI-7(15)
- CCE|CCE-85430-7