Enable Firewall Stealth Mode

Details

While in Stealth mode the computer will not respond to unsolicited probes, dropping that traffic.

http://support.apple.com/en-us/HT201642

Rationale:

Stealth mode on the firewall minimizes the threat of system discovery tools while connected to a network or the Internet.

Impact:

Traditional network discovery tools like ping will not succeed. Other network tools that measure activity and approved applications will work as expected.

This control aligns with the primary macOS use case of a laptop that is often connected to untrusted networks where host segregation may be non-existent. In that use case, hiding from the other inmates is likely more than desirable. Where the system is used only on trusted LANs with static IP addresses, stealth mode may not be desirable.

Solution

Perform the following to implement the prescribed state:

Open System Preferences

Select Security & Privacy

Select Firewall Options

Select Enable stealth mode

Alternatively:
Run the following command in Terminal:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
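
To confirm the setting after remediation, the audit check below reads the state back with `socketfilterfw --getstealthmode`. It is an added example, not part of the original control text; the function names are hypothetical, and it assumes the status wording differs between macOS releases, so it matches on the state word rather than one exact string.

```shell
#!/bin/sh
# Added example: audit check for firewall stealth mode (not from the original page).
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Classify the text printed by `socketfilterfw --getstealthmode`.
# Assumption: wording varies by release (for example "Stealth mode enabled"
# or "Firewall stealth mode is on"), so only the state word is matched,
# and only on lines that mention stealth mode.
parse_stealth_state() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | awk '
        /stealth mode/ {
            if ($0 ~ /(disabled|is off)/) { state = "off" }
            else if ($0 ~ /(enabled|is on)[ .]*$/) { state = "on" }
        }
        END { print (state == "" ? "unknown" : state) }'
}

# Query the live setting. Returns 0 only when stealth mode is confirmed on,
# 1 when it is off, 2 when the binary is missing, 3 on unrecognised output.
audit_stealth_mode() {
    if [ ! -x "$FW" ]; then
        echo "SKIP: $FW not found (not macOS?)"
        return 2
    fi
    state=$(parse_stealth_state "$("$FW" --getstealthmode 2>&1)")
    case "$state" in
        on)  echo "PASS: stealth mode is on"; return 0 ;;
        off) echo "FAIL: stealth mode is off; fix with: sudo $FW --setstealthmode on"
             return 1 ;;
        *)   echo "ERROR: could not interpret socketfilterfw output"; return 3 ;;
    esac
}

# Run the live check only where the firewall binary exists (macOS).
if [ -x "$FW" ]; then
    audit_stealth_mode || true
fi
```

Treating unrecognised output as an error rather than a pass keeps a future wording change from silently reporting compliance.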

Additional Information:

http://osxdaily.com/2015/11/18/enable-stealth-mode-mac-os-x-firewall/

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.

Updated on July 16, 2022