Detections
Analytics

CIS Apple macOS 10.13 L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple macOS 10.13 L2 v1.0.0

Updated: 8/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.7

Estimated Item Count: 50

File Details

Filename: CIS_Apple_macOS_10.13_v1.0.0_Level_2.audit

Size: 84.9 kB

MD5: 780b206a7fa72a68d740aabfc5c601f4
SHA256: 31053d25ed1261379fce79ac432c0df0cfdc5a6879249d2a81da11ce76d41bcc

Audit Items

DescriptionCategories
2.3.2 Secure screen saver corners - bottom left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - bottom right corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top right corner

ACCESS CONTROL

2.6.6 Enable Location Services

CONFIGURATION MANAGEMENT

2.6.7 Monitor Location Services Access

CONFIGURATION MANAGEMENT

2.6.7 Monitor Location Services Access - evaluate application

AUDIT AND ACCOUNTABILITY

2.6.8 Disable sending diagnostic and usage data to Apple
2.7.1 iCloud configuration
2.7.2 iCloud keychain
2.7.3 iCloud Drive
2.7.4 iCloud Drive Document sync

CONFIGURATION MANAGEMENT

2.7.5 iCloud Drive Desktop sync

CONFIGURATION MANAGEMENT

2.8.1 Time Machine Auto-Backup

CONTINGENCY PLANNING

2.11 Java 6 is not the default Java runtime

CONFIGURATION MANAGEMENT

2.12 Securely delete files as needed

CONFIGURATION MANAGEMENT

3.2 Configure Security Auditing Flags - 'audit all failed events across all audit classes'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed administrative events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed file deletion events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed login/logout events'

AUDIT AND ACCOUNTABILITY

4.1 Disable Bonjour advertising service

CONFIGURATION MANAGEMENT

4.3 Create network specific locations
5.1.4 Check Library folder for world writable files

ACCESS CONTROL

5.2.3 Complex passwords must contain an Alphabetic Character

IDENTIFICATION AND AUTHENTICATION

5.2.4 Complex passwords must contain a Numeric Character

IDENTIFICATION AND AUTHENTICATION

5.2.5 Complex passwords must contain a Special Character

IDENTIFICATION AND AUTHENTICATION

5.2.6 Complex passwords must contain uppercase and lowercase letters

IDENTIFICATION AND AUTHENTICATION

5.7 Automatically lock the login keychain for inactivity

IDENTIFICATION AND AUTHENTICATION

5.8 Ensure login keychain is locked when the computer sleeps

IDENTIFICATION AND AUTHENTICATION

5.9 Enable OCSP and CRL certificate checking - CRLStyle

IDENTIFICATION AND AUTHENTICATION

5.9 Enable OCSP and CRL certificate checking - OCSPStyle

IDENTIFICATION AND AUTHENTICATION

5.14 Ensure system is set to hibernate

CONFIGURATION MANAGEMENT

5.18 Create a Login window banner

ACCESS CONTROL

5.20 Disable Fast User Switching

ACCESS CONTROL

5.21 Secure individual keychains and items
5.22 Create specialized keychains for different purposes
6.4 Safari disable Internet Plugins for global use

CONFIGURATION MANAGEMENT

6.5 Use parental controls for systems that are not centrally managed
7.1 Wireless technology on OS X
7.2 iSight Camera Privacy and Confidentiality Concerns
7.3 Computer Name Considerations
7.4 Software Inventory Considerations
7.5 Firewall Consideration
7.7 App Store Automatically download apps purchased on other Macs Considerations
7.8 Extensible Firmware Interface (EFI) password
7.9 Apple ID password reset
7.11 App Store Password Settings
7.14 System information backup to remote computers
CIS_Apple_macOS_10.13_v1.0.0_Level_2.audit from CIS Apple macOS 10.13 Benchmark v1.0.0