NIST SP 800-179 SECURING APPLE OS X 10.10 SYSTEMS:
NIST
SECURITY CONFIGURATION CHECKLIST
This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-179
The potential impact is MODERATE if the loss of confidentiality, integrity, or
availability could be expected to have a serious adverse effect on organizational
operations, organizational assets, or individuals. A serious adverse effect means
that, for example, the loss of confidentiality, integrity, or availability might (i)
cause a significant degradation in mission capability to an extent and duration that
the organization is able to perform its primary functions, but the effectiveness of
the functions is significantly reduced; (ii) result in significant damage to
organizational assets; (iii) result in significant financial loss; or (iv) result in
significant harm to individuals that does not involve loss of life or serious life
threatening injuries.
The potential impact is HIGH if the loss of confidentiality, integrity, or
availability could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals. A severe or
catastrophic adverse effect means that, for example, the loss of confidentiality,
integrity, or availability might (i) cause a severe degradation in or loss of mission
capability to an extent and duration that the organization is not able to perform one
or more of its primary functions; (ii) result in major damage to organizational
assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic
harm to individuals involving loss of life or serious life threatening injuries.”
Each system should be protected based on the potential impact to the system of a loss of
confidentiality, integrity, or availability. Protection measures (otherwise known as security
controls) tend to fall into two categories. First, security weaknesses in the system need to be
resolved. For example, if a system has a known vulnerability that attackers could exploit, the
system should be patched so that the vulnerability is removed or mitigated. Second, the system
should offer only the minimum required functionality to each authorized user. This principle is
known as least privilege.
9
Limiting functionality and resolving security weaknesses have a
common goal: give attackers as few opportunities as possible to breach a system.
Although each system should ideally be made as secure as possible, this is generally not feasible
because the system needs to meet the functional requirements of the system’s users. Another
common problem with security controls is that they often make systems less convenient or more
difficult to use. When usability is an issue, many users will attempt to circumvent security
controls; for example, if passwords must be long and complex, users may write them down.
Balancing security, functionality, and usability is often a challenge. This guide attempts to strike
a proper balance and make recommendations that provide a reasonably secure solution while
offering the functionality and usability that users require.
Another fundamental principle recommended by this guide is the use of multiple layers of
security. For example, a host may be protected from external attack by several controls,
including a network-based firewall, a host-based firewall, and OS patching. The motivation for
having multiple layers is that if one layer fails or otherwise cannot counteract a certain threat,
9
For more information on least privilege and other fundamental principles of computer security, see “The Protection of
Information in Computer Systems” by Jerome Saltzer and Michael Schroeder, April 17, 1975
(http://web.mit.edu/Saltzer/www/publications/protection/
).