| AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | ACCESS CONTROL |
| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-bl-corner | ACCESS CONTROL |
| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-br-corner | ACCESS CONTROL |
| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tl-corner | ACCESS CONTROL |
| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tr-corner | ACCESS CONTROL |
| AOSX-13-000007 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | ACCESS CONTROL |
| AOSX-13-000010 - The macOS system must initiate a session lock after a 15-minute period of inactivity. | ACCESS CONTROL |
| AOSX-13-000020 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | ACCESS CONTROL |
| AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | ACCESS CONTROL |
| AOSX-13-000030 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000050 - The macOS system must be configured to disable rshd service. | CONFIGURATION MANAGEMENT |
| AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000057 - The macOS system must enforce requirements for remote connections to the information | CONFIGURATION MANAGEMENT |
| AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | CONFIGURATION MANAGEMENT |
| AOSX-13-000070 - The macOS system must be configured with Wi-Fi support software disabled. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled. | CONFIGURATION MANAGEMENT |
| AOSX-13-000085 - The macOS system must be configured with automatic actions disabled for blank CDs. | CONFIGURATION MANAGEMENT |
| AOSX-13-000090 - The macOS system must be configured with automatic actions disabled for blank DVDs. | CONFIGURATION MANAGEMENT |
| AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs. | CONFIGURATION MANAGEMENT |
| AOSX-13-000100 - The macOS system must be configured with automatic actions disabled for picture CDs. | CONFIGURATION MANAGEMENT |
| AOSX-13-000105 - The macOS system must be configured with automatic actions disabled for video DVDs. | CONFIGURATION MANAGEMENT |
| AOSX-13-000110 - The macOS system must automatically remove or disable temporary user accounts after 72 hours. | ACCESS CONTROL |
| AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | ACCESS CONTROL |
| AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-13-000139 - The macOS system must be configured to disable SMB File Sharing unless it is required. | CONFIGURATION MANAGEMENT |
| AOSX-13-000140 - The macOS system must be configured to disable Apple File (AFP) Sharing. | CONFIGURATION MANAGEMENT |
| AOSX-13-000141 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | CONFIGURATION MANAGEMENT |
| AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required. | CONFIGURATION MANAGEMENT |
| AOSX-13-000143 - The macOS system must be configured to disable the Network File System (NFS) stat daemon unless it is required. | CONFIGURATION MANAGEMENT |
| AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy. | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
| AOSX-13-000186 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the operating system. | ACCESS CONTROL |
| AOSX-13-000187 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | ACCESS CONTROL |
| AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner file' | ACCESS CONTROL |
| AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner text' | ACCESS CONTROL |
| AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-13-000240 - The macOS system must enable System Integrity Protection. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000295 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000330 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS). | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000331 - The macOS system must be configured with audit log files owned by root. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000332 - The macOS system must be configured with audit log folders owned by root. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000334 - The macOS system must be configured with audit log folders group-owned by wheel. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000335 - The macOS system must be configured with audit log files set to mode 440 or less permissive. | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | AUDIT AND ACCOUNTABILITY |
