STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apple macOS 14 (Sonoma) Security Technical Implementation Guide

V-259484

CAT II (Medium)

The macOS system must disable the built-in web server.

Rule ID

SV-259484r958472_rule

STIG

Apple macOS 14 (Sonoma) Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000213

Discussion

The built-in web server is a nonessential service built into macOS and must be disabled. Note: The built in web server service is disabled at startup by default macOS.

Check Content

Verify the macOS system is configured to disable the built-in web server with the following command:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled'

If the result is not "1", this is a finding.

Fix Text

Configure the macOS system to disable the built-in web server with the following command:

/bin/launchctl disable system/org.apache.httpd

The system may need to be restarted for the update to take effect.