← Back to Apple macOS 14 (Sonoma) Security Technical Implementation Guide

V-259570

CAT II (Medium)

The macOS system must enable Authenticated Root.

Rule ID

SV-259570r958472_rule

STIG

Apple macOS 14 (Sonoma) Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000213

Discussion

Authenticated Root must be enabled. When Authenticated Root is enabled the macOS is booted from a signed volume that is cryptographically protected to prevent tampering with the system volume. Note: Authenticated Root is enabled by default on macOS systems. WARNING: If more than one partition with macOS is detected, the csrutil command will hang awaiting input.

Check Content

Verify the macOS system is configured to enable authenticated root with the following command:

/usr/bin/csrutil authenticated-root | /usr/bin/grep -c 'enabled'

If the result is not "1", this is a finding.

Fix Text

Configure the macOS system to enable authenticated root with the following command:

/usr/bin/csrutil authenticated-root enable

Note: To reenable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.