The macOS system must be configured to use an authorized time server.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-268449	SRG-OS-000355-GPOS-00143	APPL-15-000170	SV-268449r1038944_rule	2025-02-20	1

Description
An approved time server must be the only server configured for use. As of macOS 10.13, only one time server is supported. This rule ensures the uniformity of time stamps for information systems with multiple system clocks and systems connected over a network. Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144

ℹ️ Check
Verify the macOS system is configured to use an authorized time server with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\ .objectForKey('timeServer').js EOS If the result is not an authoritative time server that is synchronized with redundant USNO time servers as designated for the appropriate DOD network, this is a finding.

ℹ️ Check

Verify the macOS system is configured to use an authorized time server with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.MCX')\ .objectForKey('timeServer').js EOS If the result is not an authoritative time server that is synchronized with redundant USNO time servers as designated for the appropriate DOD network, this is a finding.

✔️ Fix
Configure the macOS system to use an authorized time server by installing the "com.apple.MCX" configuration profile.