| 2.3.2 Secure screen saver corners - bottom left corner | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - bottom right corner | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top left corner | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top right corner | ACCESS CONTROL |
| 2.4.10 Disable Content Caching | CONFIGURATION MANAGEMENT |
| 2.5.6 Enable Location Services | CONFIGURATION MANAGEMENT |
| 2.5.7 Monitor Location Services Access | CONFIGURATION MANAGEMENT |
| 2.5.8 Disable sending diagnostic and usage data to Apple | CONFIGURATION MANAGEMENT |
| 2.6.1 iCloud configuration | ACCESS CONTROL |
| 2.6.2 iCloud keychain | ACCESS CONTROL |
| 2.6.3 iCloud Drive | ACCESS CONTROL |
| 2.6.4 iCloud Drive Document and Desktop sync - desktop | CONFIGURATION MANAGEMENT |
| 2.6.4 iCloud Drive Document and Desktop sync - document | CONFIGURATION MANAGEMENT |
| 2.7.1 Time Machine Auto-Backup | CONTINGENCY PLANNING |
| 2.11 Java 6 is not the default Java runtime | CONFIGURATION MANAGEMENT |
| 2.12 Securely delete files as needed | CONFIGURATION MANAGEMENT |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit all failed events across all audit classes' | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed administrative events' | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file attribute modification events' | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file deletion events' | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed login/logout events' | AUDIT AND ACCOUNTABILITY |
| 4.1 Disable Bonjour advertising service | CONFIGURATION MANAGEMENT |
| 4.3 Create network specific locations | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.4 Check Library folder for world writable files | ACCESS CONTROL |
| 5.2.3 Complex passwords must contain an Alphabetic Character | |
| 5.2.4 Complex passwords must contain a Numeric Character | IDENTIFICATION AND AUTHENTICATION |
| 5.2.5 Complex passwords must contain a Special Character | |
| 5.2.6 Complex passwords must uppercase and lowercase letters | |
| 5.4 Automatically lock the login keychain for inactivity | ACCESS CONTROL |
| 5.6 Ensure login keychain is locked when the computer sleeps | IDENTIFICATION AND AUTHENTICATION |
| 5.10 Ensure system is set to hibernate | CONFIGURATION MANAGEMENT |
| 5.14 Create a Login window banner | ACCESS CONTROL |
| 5.16 Disable Fast User Switching | ACCESS CONTROL |
| 5.17 Secure individual keychains and items | IDENTIFICATION AND AUTHENTICATION |
| 5.18 Create specialized keychains for different purposes | IDENTIFICATION AND AUTHENTICATION |
| 6.4 Use parental controls for systems that are not centrally managed | ACCESS CONTROL |
| 7.1 Wireless technology on macOS | ACCESS CONTROL |
| 7.2 iSight Camera Privacy and Confidentiality Concerns | CONFIGURATION MANAGEMENT |
| 7.3 Computer Name Considerations | CONFIGURATION MANAGEMENT |
| 7.4 Software Inventory Considerations | CONFIGURATION MANAGEMENT |
| 7.5 Firewall Consideration | CONFIGURATION MANAGEMENT |
| 7.7 App Store Automatically download apps purchased on other Macs Considerations | CONFIGURATION MANAGEMENT |
| 7.8 Extensible Firmware Interface (EFI) password | CONFIGURATION MANAGEMENT |
| 7.9 FileVault and Local Account Password Reset using AppleID | ACCESS CONTROL |
| 7.11 App Store Password Settings | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.14 System information backup to remote computers | CONTINGENCY PLANNING |
| CIS_Apple_macOS_10.13_v1.1.0_Level_2.audit from CIS Apple macOS 10.13 Benchmark v1.1.0 | |
