1.1 Verify all Apple provided software is current | SYSTEM AND INFORMATION INTEGRITY |
1.2 Enable Auto Update | SYSTEM AND INFORMATION INTEGRITY |
1.3 Enable app update installs | SYSTEM AND INFORMATION INTEGRITY |
1.4 Enable system data files and security update installs - 'ConfigDataInstall' | SYSTEM AND INFORMATION INTEGRITY |
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | SYSTEM AND INFORMATION INTEGRITY |
1.5 Enable OS X update installs | SYSTEM AND INFORMATION INTEGRITY |
2.1.1 Turn off Bluetooth, if no paired devices exist | CONFIGURATION MANAGEMENT |
2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CONFIGURATION MANAGEMENT |
2.1.3 Show Bluetooth status in menu bar | CONFIGURATION MANAGEMENT |
2.2.1 Enable 'Set time and date automatically' | AUDIT AND ACCOUNTABILITY |
2.2.2 Ensure time set is within appropriate limits | CONFIGURATION MANAGEMENT |
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver | ACCESS CONTROL |
2.3.3 Set a screen corner to Start Screen Saver | ACCESS CONTROL |
2.4.1 Disable Remote Apple Events | CONFIGURATION MANAGEMENT |
2.4.2 Disable Internet Sharing | CONFIGURATION MANAGEMENT |
2.4.3 Disable Screen Sharing | CONFIGURATION MANAGEMENT |
2.4.4 Disable Printer Sharing | CONFIGURATION MANAGEMENT |
2.4.5 Disable Remote Login | ACCESS CONTROL |
2.4.6 Disable DVD or CD Sharing | CONFIGURATION MANAGEMENT |
2.4.7 Disable Bluetooth Sharing | CONFIGURATION MANAGEMENT |
2.4.8 Disable File Sharing - AppleFileServer | CONFIGURATION MANAGEMENT |
2.4.8 Disable File Sharing - SMB | CONFIGURATION MANAGEMENT |
2.4.9 Disable Remote Management | CONFIGURATION MANAGEMENT |
2.5.1 Disable 'Wake for network access' | ACCESS CONTROL |
2.6.1.1 Enable FileVault | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.1.2 Ensure all user storage CoreStorage volumes are encrypted | CONFIGURATION MANAGEMENT |
2.6.2 Enable Gatekeeper | CONFIGURATION MANAGEMENT |
2.6.3 Enable Firewall | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.4 Enable Firewall Stealth Mode | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.5 Review Application Firewall Rules | SYSTEM AND COMMUNICATIONS PROTECTION |
2.8.2 Time Machine Volumes Are Encrypted | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Pair the remote control infrared receiver if enabled | ACCESS CONTROL |
2.10 Enable Secure Keyboard Entry in terminal.app | CONFIGURATION MANAGEMENT |
3.1 Enable security auditing | AUDIT AND ACCOUNTABILITY |
3.3 Ensure security auditing retention | AUDIT AND ACCOUNTABILITY |
3.4 Control access to audit records - /etc/security/audit_control | CONFIGURATION MANAGEMENT |
3.4 Control access to audit records - /var/audit | AUDIT AND ACCOUNTABILITY |
3.5 Retain install.log for 365 or more days | AUDIT AND ACCOUNTABILITY |
3.6 Ensure Firewall is configured to log | AUDIT AND ACCOUNTABILITY |
4.2 Enable 'Show Wi-Fi status in menu bar' | CONFIGURATION MANAGEMENT |
4.4 Ensure http server is not running | CONFIGURATION MANAGEMENT |
4.5 Ensure ftp server is not running | CONFIGURATION MANAGEMENT |
4.6 Ensure nfs server is not running | CONFIGURATION MANAGEMENT |
5.1.1 Secure Home Folders | CONFIGURATION MANAGEMENT |
5.1.2 Check System Wide Applications for appropriate permissions | ACCESS CONTROL |
5.1.3 Check System folder for world writable files | ACCESS CONTROL |
5.2.1 Configure account lockout threshold | ACCESS CONTROL |
5.2.2 Set a minimum password length | IDENTIFICATION AND AUTHENTICATION |
5.2.7 Password Age | IDENTIFICATION AND AUTHENTICATION |
5.2.8 Password History | IDENTIFICATION AND AUTHENTICATION |