| AOSX-15-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | ACCESS CONTROL |
| AOSX-15-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | ACCESS CONTROL |
| AOSX-15-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | ACCESS CONTROL |
| AOSX-15-000004 - The macOS system must initiate a session lock after a 15-minute period of inactivity. | ACCESS CONTROL |
| AOSX-15-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | ACCESS CONTROL |
| AOSX-15-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | ACCESS CONTROL |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - bottom left | ACCESS CONTROL |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - bottom right | ACCESS CONTROL |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - top left | ACCESS CONTROL |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - top right | ACCESS CONTROL |
| AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - OpenSSH version | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD currently running | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD service disabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | ACCESS CONTROL |
| AOSX-15-000014 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) - Network Time On | AUDIT AND ACCOUNTABILITY |
| AOSX-15-000014 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) - Network Time Server | AUDIT AND ACCOUNTABILITY |
| AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-000016 - The macOS system must be integrated into a directory services infrastructure. | CONFIGURATION MANAGEMENT |
| AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | ACCESS CONTROL |
| AOSX-15-000021 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | ACCESS CONTROL |
| AOSX-15-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | ACCESS CONTROL |
| AOSX-15-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. | ACCESS CONTROL |
| AOSX-15-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | ACCESS CONTROL |
| AOSX-15-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner file | ACCESS CONTROL |
| AOSX-15-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner text | ACCESS CONTROL |
| AOSX-15-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-000031 - The macOS system must be configured so that log folders must not contain access control lists (ACLs). | AUDIT AND ACCOUNTABILITY |
| AOSX-15-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - FileVault User | CONFIGURATION MANAGEMENT |
| AOSX-15-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - UserShell | CONFIGURATION MANAGEMENT |
| AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-15-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-15-001003 - The macOS system must initiate session audits at system startup | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001012 - The macOS system must be configured with audit log files owned by root. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001013 - The macOS system must be configured with audit log folders owned by root. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001014 - The macOS system must be configured with audit log files group-owned by wheel. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001016 - The macOS system must be configured with audit log files set to mode 440 or less permissive. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | AUDIT AND ACCOUNTABILITY |
