CIS Apple OSX 10.11 El Capitan L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.11 El Capitan L1 v1.0.0

Updated: 1/9/2017

Authority: CIS

Plugin: Unix

Revision: 1.9

Estimated Item Count: 76

File Details

Filename: CIS_OSX_10.11_v1.0.0_L1.audit

Size: 84.7 kB

MD5: 906f68a162aeaf61c7e1b0db8e769a56
SHA256: 5d31d21df016be221f406bd5098b772be6ea88d17ecd01b1b02f3b1c7f7bfdd5

Audit Items

DescriptionCategories
1.1 Verify all Apple provided software is current

SYSTEM AND INFORMATION INTEGRITY

1.2 Enable Auto Update

SYSTEM AND INFORMATION INTEGRITY

1.3 Enable app update installs

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security update installs - 'ConfigDataInstall'

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'

SYSTEM AND INFORMATION INTEGRITY

1.5 Enable OS X update installs

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Disable Bluetooth, if no paired devices exist - Bluetooth is disabled
2.1.1 Disable Bluetooth, if no paired devices exist - Bluetooth is paired
2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices

CONFIGURATION MANAGEMENT

2.1.3 Show Bluetooth status in menu bar

CONFIGURATION MANAGEMENT

2.2.2 Ensure time set is within appropriate limits
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver

ACCESS CONTROL

2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver

ACCESS CONTROL

2.3.4 Set a screen corner to Start Screen Saver

ACCESS CONTROL

2.4.1 Disable Remote Apple Events

CONFIGURATION MANAGEMENT

2.4.2 Disable Internet Sharing

CONFIGURATION MANAGEMENT

2.4.3 Disable Screen Sharing

CONFIGURATION MANAGEMENT

2.4.4 Disable Printer Sharing

CONFIGURATION MANAGEMENT

2.4.5 Disable Remote Login

ACCESS CONTROL

2.4.6 Disable DVD or CD Sharing

CONFIGURATION MANAGEMENT

2.4.7 Disable Bluetooth Sharing
2.4.8 Disable File Sharing - AppleFileServer

CONFIGURATION MANAGEMENT

2.4.8 Disable File Sharing - SMB

CONFIGURATION MANAGEMENT

2.4.9 Disable Remote Management - 'ARDAgent file does not exist'

CONFIGURATION MANAGEMENT

2.4.9 Disable Remote Management - 'ARDAgent is not running'

CONFIGURATION MANAGEMENT

2.6.1 Enable FileVault - Encryption Status

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Enable FileVault - Encryption Type

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.2 Enable Gatekeeper

CONFIGURATION MANAGEMENT

2.6.3 Enable Firewall

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.4 Enable Firewall Stealth Mode

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.5 Review Application Firewall Rules

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Pair the remote control infrared receiver if enabled
2.8 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 1'

CONFIGURATION MANAGEMENT

2.8 Pair the remote control infrared receiver if enabled - 'UIDFilter != none'

ACCESS CONTROL

2.9 Enable Secure Keyboard Entry in terminal.app

CONFIGURATION MANAGEMENT

3.1.1 Retain system.log for 90 or more days

AUDIT AND ACCOUNTABILITY

3.1.2 Retain appfirewall.log for 90 or more days

AUDIT AND ACCOUNTABILITY

3.1.3 Retain authd.log for 90 or more days

AUDIT AND ACCOUNTABILITY

3.2 Enable security auditing

AUDIT AND ACCOUNTABILITY

3.5 Retain install.log for 365 or more days

AUDIT AND ACCOUNTABILITY

4.2 Enable 'Show Wi-Fi status in menu bar'

CONFIGURATION MANAGEMENT

4.4 Ensure http server is not running

CONFIGURATION MANAGEMENT

4.5 Ensure ftp server is not running

CONFIGURATION MANAGEMENT

4.6 Ensure nfs server is not running

CONFIGURATION MANAGEMENT

5.1.1 Secure Home Folders

CONFIGURATION MANAGEMENT

5.1.2 Check System Wide Applications for appropriate permissions

ACCESS CONTROL

5.1.3 Check System folder for world writable files

ACCESS CONTROL

5.2.1 Configure account lockout threshold

ACCESS CONTROL

5.2.2 Set a minimum password length

IDENTIFICATION AND AUTHENTICATION

5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter'

IDENTIFICATION AND AUTHENTICATION