The macOS system must issue or obtain public key certificates from an approved service provider.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-268534	APPL-15-003001	SV-268534r1034542_rule		Medium

Description

The organization must issue or obtain public key certificates from an organization-approved service provider and ensure only approved trust anchors are in the System Keychain. Satisfies: SRG-OS-000403-GPOS-00182, SRG-OS-000775-GPOS-00230

STIG	Date
Apple macOS 15 (Sequoia) Security Technical Implementation Guide	2025-05-05

Details

Check Text (C-72564r1034540_chk)

Verify the macOS system is configured to issue or obtain public key certificates from an approved service provider with the following command:

/usr/bin/security dump-keychain /Library/Keychains/System.keychain | /usr/bin/awk -F'"' '/labl/ {print $4}'

If the result does not contain a list of approved certificate authorities, this is a finding.

Fix Text (F-72465r1034541_fix)

Configure the macOS system to issue or obtain public key certificates from an approved service provider by obtaining the approved certificates from the appropriate authority and install them to the System Keychain.