CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1

Audit Details

Name: CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1

Updated: 7/12/2024

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 49

File Details

Filename: CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.0.0_L1.audit

Size: 122 kB

MD5: b8e1fff323a0ebf34ac31c2e11373909
SHA256: a67e58a82a20edff7443e20383f15d33b3dfeb53b2f040419b13d4aeb47cc924

Audit Items

Description

Categories

1.1 Ensure All Apple-provided Software Is Current

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2 Ensure Auto Update Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3 Ensure Download New Updates When Available Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4 Ensure Install of macOS Updates Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure Install Application Updates from the App Store Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.6 Ensure Install Security Responses and System Files Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure Firewall Is Enabled

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.1.2 Ensure Firewall Stealth Mode Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.1.1 Ensure Set Time and Date Automatically Is Enabled

AUDIT AND ACCOUNTABILITY

2.2.1.2 Ensure Time Is Set Within Appropriate Limits

AUDIT AND ACCOUNTABILITY

2.2.2.1 Ensure Screen Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.2.2.2 Ensure Remote Apple Events Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.2 Ensure Limit Ad Tracking Is Enabled

CONFIGURATION MANAGEMENT

2.3.3 Ensure Gatekeeper Is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.4.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled

ACCESS CONTROL

2.4.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure a Custom Message for the Login Screen Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.4 Ensure Login Window Displays as Name and Password Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.5 Ensure Show Password Hints Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.1 Ensure Users' Accounts Do Not Have a Password Hint

IDENTIFICATION AND AUTHENTICATION

2.6.1 Ensure Guest Account Is Disabled

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

2.6.2 Ensure Guest Access to Shared Folders Is Disabled

ACCESS CONTROL, MEDIA PROTECTION

2.6.3 Ensure Automatic Login Is Disabled

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure Security Auditing Is Enabled

AUDIT AND ACCOUNTABILITY

3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size

AUDIT AND ACCOUNTABILITY

3.4 Ensure Security Auditing Retention Is Enabled

AUDIT AND ACCOUNTABILITY

3.5 Ensure Access to Audit Records Is Controlled

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure Firewall Logging Is Enabled and Configured

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

4.2 Ensure HTTP Server Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure NFS Server Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1.1 Ensure Home Folders Are Secure

ACCESS CONTROL, MEDIA PROTECTION

5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled

CONFIGURATION MANAGEMENT

5.1.4 Ensure Signed System Volume (SSV) Is Enabled

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.5 Ensure Appropriate Permissions Are Enabled for System Wide Applications

ACCESS CONTROL, MEDIA PROTECTION

5.1.6 Ensure No World Writable Folders Exist in the System Folder

ACCESS CONTROL, MEDIA PROTECTION

5.2.1 Ensure Password Account Lockout Threshold Is Configured

ACCESS CONTROL

5.2.2 Ensure Password Minimum Length Is Configured

IDENTIFICATION AND AUTHENTICATION

5.2.7 Ensure Password Age Is Configured

ACCESS CONTROL

5.2.8 Ensure Password History Is Configured

IDENTIFICATION AND AUTHENTICATION

5.3 Ensure the Sudo Timeout Period Is Set to Zero

ACCESS CONTROL

5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo

ACCESS CONTROL

5.5 Ensure the "root" Account Is Disabled

ACCESS CONTROL

5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session

ACCESS CONTROL

5.8 Ensure the Guest Home Folder Does Not Exist

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure XProtect Is Running and Updated

SYSTEM AND INFORMATION INTEGRITY

5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled

CONFIGURATION MANAGEMENT

5.11 Ensure Show All Filename Extensions Setting is Enabled

CONFIGURATION MANAGEMENT

CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.0.0_L1.audit from CIS Apple macOS 13.0 Ventura Cloud-tailored Benchmark v1.0.0