The macOS system must disable Network File System (NFS) service.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-277086 | SRG-OS-000080-GPOS-00048 | APPL-26-002003 | SV-277086r1148710_rule | 2025-10-01 | 1 |
| Description |
|---|
| Support for NFS services is nonessential and, therefore, must be disabled. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized. |
| ℹ️ Check |
|---|
| Verify the macOS system is configured to disable NFS service with the following commands: isDisabled=$(/sbin/nfsd status | /usr/bin/awk '/nfsd service/ {print $NF}') if [[ "$isDisabled" == "disabled" ]] && [[ -z $(/usr/bin/pgrep nfsd) ]]; then echo "pass" else echo "fail" fi If the result is not "pass", this is a finding. |
| ✔️ Fix |
|---|
| Configure the macOS system to disable NFS service with the following commands: /bin/launchctl disable system/com.apple.nfsd /bin/rm -rf /etc/exports The system may need a restart for the update to take effect. |