STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apple macOS 15 (Sequoia) Security Technical Implementation Guide

V-268484

CAT II (Medium)

The macOS system must disable the built-in web server.

Rule ID

SV-268484r1137691_rule

STIG

Apple macOS 15 (Sequoia) Security Technical Implementation Guide

Version

V1R7

CCIs

CCI-000213

Discussion

The built-in web server is a nonessential service built into macOS and must be disabled. NOTE: The built-in web server is disabled at startup by default with macOS.

Check Content

Verify the macOS system is configured to disable the built-in web server with the following command:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled'

If the result is not "1", this is a finding.

Fix Text

Configure the macOS system to disable the built-in web server with the following command:

/bin/launchctl disable system/org.apache.httpd

The system may need to be restarted for the update to take effect.