DISA STIG Apple Mac OSX 10.13 v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Apple Mac OSX 10.13 v2r1

Updated: 10/5/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.3

Estimated Item Count: 146

Audit Items

Description	Categories
AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.	ACCESS CONTROL
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-bl-corner	ACCESS CONTROL
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-br-corner	ACCESS CONTROL
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tl-corner	ACCESS CONTROL
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tr-corner	ACCESS CONTROL
AOSX-13-000007 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.	CONFIGURATION MANAGEMENT
AOSX-13-000010 - The macOS system must initiate a session lock after a 15-minute period of inactivity.	ACCESS CONTROL
AOSX-13-000020 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.	ACCESS CONTROL
AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.	CONFIGURATION MANAGEMENT
AOSX-13-000030 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.	AUDIT AND ACCOUNTABILITY
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.	CONFIGURATION MANAGEMENT
AOSX-13-000050 - The macOS system must be configured to disable rshd service.	CONFIGURATION MANAGEMENT
AOSX-13-000055 - The macOS system must enforce requirements for remote connections to the information system.	CONFIGURATION MANAGEMENT
AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.	CONFIGURATION MANAGEMENT
AOSX-13-000070 - The macOS system must be configured with Wi-Fi support software disabled.	CONFIGURATION MANAGEMENT
AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled.	CONFIGURATION MANAGEMENT
AOSX-13-000085 - The macOS system must be configured with automatic actions disabled for blank CDs.	CONFIGURATION MANAGEMENT
AOSX-13-000090 - The macOS system must be configured with automatic actions disabled for blank DVDs.	CONFIGURATION MANAGEMENT
AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs.	CONFIGURATION MANAGEMENT
AOSX-13-000100 - The macOS system must be configured with automatic actions disabled for picture CDs.	CONFIGURATION MANAGEMENT
AOSX-13-000105 - The macOS system must be configured with automatic actions disabled for video DVDs.	CONFIGURATION MANAGEMENT
AOSX-13-000110 - The macOS system must automatically remove or disable temporary user accounts after 72 hours.
AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.	AUDIT AND ACCOUNTABILITY
AOSX-13-000139 - The macOS system must be configured to disable SMB File Sharing unless it is required.	CONFIGURATION MANAGEMENT
AOSX-13-000140 - The macOS system must be configured to disable Apple File (AFP) Sharing.	CONFIGURATION MANAGEMENT
AOSX-13-000141 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.	CONFIGURATION MANAGEMENT
AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required.	CONFIGURATION MANAGEMENT
AOSX-13-000143 - The macOS system must be configured to disable the Network File System (NFS) stat daemon unless it is required.	CONFIGURATION MANAGEMENT
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.
AOSX-13-000186 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the operating system.	ACCESS CONTROL
AOSX-13-000187 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.	ACCESS CONTROL
AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner file'	ACCESS CONTROL
AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner text'	ACCESS CONTROL
AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.	AUDIT AND ACCOUNTABILITY
AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) - GMT.	AUDIT AND ACCOUNTABILITY
AOSX-13-000240 - The macOS system must enable System Integrity Protection.	SYSTEM AND INFORMATION INTEGRITY
AOSX-13-000295 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.	AUDIT AND ACCOUNTABILITY
AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.	AUDIT AND ACCOUNTABILITY
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.	AUDIT AND ACCOUNTABILITY
AOSX-13-000330 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS).	AUDIT AND ACCOUNTABILITY
AOSX-13-000331 - The macOS system must be configured with audit log files owned by root.	AUDIT AND ACCOUNTABILITY
AOSX-13-000332 - The macOS system must be configured with audit log folders owned by root.	AUDIT AND ACCOUNTABILITY
AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel.	AUDIT AND ACCOUNTABILITY
AOSX-13-000334 - The macOS system must be configured with audit log folders group-owned by wheel.	AUDIT AND ACCOUNTABILITY
AOSX-13-000335 - The macOS system must be configured with audit log files set to mode 440 or less permissive.	AUDIT AND ACCOUNTABILITY
AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.	AUDIT AND ACCOUNTABILITY
AOSX-13-000337 - The macOS system must be configured so that log files must not contain access control lists (ACLs).	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
AOSX-13-000338 - The macOS system must be configured so that log folders must not contain access control lists (ACLs).	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
AOSX-13-000430 - The macOS system must have the security assessment policy subsystem enabled.	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA STIG Apple Mac OSX 10.13 v2r1

Warning! Audit Deprecated

Audit Details

Audit Items