The macOS system must allow smart card authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-268543 | APPL-15-003030 | SV-268543r1034569_rule | Medium |
| Description |
| Smart card authentication must be allowed. The use of smart card credentials facilitates standardization and reduces the risk of unauthorized access. When enabled, the smart card can be used for login, authorization, and screen saver unlocking. Satisfies: SRG-OS-000068-GPOS-00036, SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000376-GPOS-00161 |
| STIG | Date |
| Apple macOS 15 (Sequoia) Security Technical Implementation Guide | 2025-05-05 |
Details
| Check Text (C-72573r1034567_chk) |
| Verify the macOS system is configured to allow smart card authentication with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.smartcard')\ .objectForKey('allowSmartCard').js EOS If the result is not "true", this is a finding. |
| Fix Text (F-72474r1034568_fix) |
| Configure the macOS system to enforce multifactor authentication by installing the "com.apple.security.smartcard" configuration profile. NOTE: To ensure continued access to the operating system, consult the supplemental guidance provided with the STIG before applying the configuration profile. |