Details
A rogue or compromised certificate should not be trsuted
Solution
Run the following commands to enforce the compliant state To set the CRL settings:
defaults write com.apple.security.revocation CRLStyle -string RequireIfPresent
To set the OCSP settings:
defaults write com.apple.security.revocation OCSPStyle -string RequireIfPresent
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.