CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1

Audit Details

Name: CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1

Updated: 12/10/2024

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 46

File Details

Filename: CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.1.0_L1.audit

Size: 117 kB

MD5: 744464457345c394b531163b754b7890
SHA256: 0c138a516fa91574682a3903c072b830e61e0bd580afe455998839a5f99c9a8b

Audit Items

Description / Categories
1.1 Ensure All Apple-provided Software Is Current

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2 Ensure Auto Update Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3 Ensure Download New Updates When Available Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4 Ensure Install of macOS Updates Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure Install Application Updates from the App Store Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.6 Ensure Install Security Responses and System Files Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure Firewall Is Enabled

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.2.1.1 Ensure Set Time and Date Automatically Is Enabled

AUDIT AND ACCOUNTABILITY

2.2.1.2 Ensure the Time Service Is Enabled

AUDIT AND ACCOUNTABILITY

2.2.2.1 Ensure Remote Apple Events Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.2 Ensure Limit Ad Tracking Is Enabled

CONFIGURATION MANAGEMENT

2.3.3 Ensure Gatekeeper Is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.4.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled

ACCESS CONTROL

2.4.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately

IDENTIFICATION AND AUTHENTICATION

2.4.3 Ensure a Custom Message for the Login Screen Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.4 Ensure Login Window Displays as Name and Password Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.5 Ensure Show Password Hints Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.1 Ensure Users' Accounts Do Not Have a Password Hint

IDENTIFICATION AND AUTHENTICATION

2.6.1 Ensure Guest Account Is Disabled

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

2.6.2 Ensure Guest Access to Shared Folders Is Disabled

ACCESS CONTROL, MEDIA PROTECTION

2.6.3 Ensure Automatic Login Is Disabled

IDENTIFICATION AND AUTHENTICATION

3.1 Ensure Security Auditing Is Enabled

AUDIT AND ACCOUNTABILITY

3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size

AUDIT AND ACCOUNTABILITY

3.4 Ensure Security Auditing Retention Is Enabled

AUDIT AND ACCOUNTABILITY

3.5 Ensure Access to Audit Records Is Controlled

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure Firewall Logging Is Enabled and Configured

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

4.2 Ensure HTTP Server Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure NFS Server Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1.1 Ensure Home Folders Are Secure

ACCESS CONTROL, MEDIA PROTECTION

5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled

CONFIGURATION MANAGEMENT

5.1.3 Ensure Signed System Volume (SSV) Is Enabled

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure Appropriate Permissions Are Enabled for System Wide Applications

ACCESS CONTROL, MEDIA PROTECTION

5.1.5 Ensure No World Writable Folders Exist in the System Folder

ACCESS CONTROL, MEDIA PROTECTION

5.2.1 Ensure Password Account Lockout Threshold Is Configured

ACCESS CONTROL

5.2.2 Ensure Password Minimum Length Is Configured

IDENTIFICATION AND AUTHENTICATION

5.2.7 Ensure Password Age Is Configured

ACCESS CONTROL

5.2.8 Ensure Password History Is Configured

IDENTIFICATION AND AUTHENTICATION

5.3 Ensure the Sudo Timeout Period Is Set to Zero

ACCESS CONTROL

5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo

ACCESS CONTROL

5.5 Ensure the "root" Account Is Disabled

ACCESS CONTROL

5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session

ACCESS CONTROL

5.8 Ensure the Guest Home Folder Does Not Exist

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure XProtect Is Running and Updated

SYSTEM AND INFORMATION INTEGRITY

5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled

CONFIGURATION MANAGEMENT

5.11 Ensure Show All Filename Extensions Setting is Enabled

CONFIGURATION MANAGEMENT

CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.1.0_L1.audit from CIS Apple macOS 13.0 Ventura Cloud-tailored Benchmark v1.1.0