DISA Apple macOS 14 (Sonoma) STIG v2r1

Audit Details

Name: DISA Apple macOS 14 (Sonoma) STIG v2r1

Updated: 8/19/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 158

File Details

Filename: DISA_STIG_Apple_macOS_14_Sonoma_v2r1.audit

Size: 299 kB

MD5: dc3c97d0e152224bf0b54614a4fe7052
SHA256: 9ebfe7f84497fece681f31fc02b780c9199ce1d160f1e3d803c8bc45ec6fc9f4

Audit Items

DescriptionCategories
APPL-14-000001 - The macOS system must prevent Apple Watch from terminating a session lock.

ACCESS CONTROL

APPL-14-000002 - The macOS system must enforce screen saver password.

ACCESS CONTROL

APPL-14-000003 - The macOS system must enforce session lock no more than five seconds after screen saver is started.

ACCESS CONTROL

APPL-14-000005 - The macOS system must configure user session lock when a smart token is removed.

ACCESS CONTROL

APPL-14-000007 - The macOS system must disable hot corners.

ACCESS CONTROL

APPL-14-000009 - The macOS system must prevent AdminHostInfo from being available at LoginWindow.

ACCESS CONTROL

APPL-14-000012 - The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.

ACCESS CONTROL

APPL-14-000014 - The macOS system must enforce time synchronization.

AUDIT AND ACCOUNTABILITY

APPL-14-000016 - The macOS system must be integrated into a directory services infrastructure.

CONFIGURATION MANAGEMENT

APPL-14-000022 - The macOS system must limit consecutive failed log on attempts to three.

ACCESS CONTROL

APPL-14-000023 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at remote log on.

ACCESS CONTROL

APPL-14-000024 - The macOS system must enforce SSH to display the Standard Mandatory DOD Notice and Consent Banner.

ACCESS CONTROL

APPL-14-000025 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at the login window.

ACCESS CONTROL

APPL-14-000030 - The macOS system must configure audit log files to not contain access control lists.

AUDIT AND ACCOUNTABILITY

APPL-14-000031 - The macOS system must configure audit log folders to not contain access control lists.

AUDIT AND ACCOUNTABILITY

APPL-14-000033 - The macOS system must disable FileVault automatic log on.

ACCESS CONTROL

APPL-14-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000053 - The macOS system must set Login Grace Time to 30.

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000057 - The macOS system must limit SSH to FIPS-compliant connections.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000060 - The macOS system must set account lockout time to 15 minutes.

ACCESS CONTROL

APPL-14-000070 - The macOS system must enforce screen saver timeout.

ACCESS CONTROL

APPL-14-000080 - The macOS system must enable SSH server for remote access sessions.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000090 - The macOS system must disable logon to other user's active and locked sessions.

IDENTIFICATION AND AUTHENTICATION

APPL-14-000100 - The macOS system must disable root logon.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

APPL-14-000110 - The macOS system must configure SSH ServerAliveInterval option set to 900.

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000120 - The macOS system must configure SSHD Channel Timeout to 900.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000130 - The macOS system must configure SSHD unused connection timeout to 900.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-14-000160 - The macOS system must enforce auto logout after 86400 seconds of inactivity.

ACCESS CONTROL

APPL-14-000170 - The macOS system must be configured to use an authorized time server.

AUDIT AND ACCOUNTABILITY

APPL-14-000180 - The macOS system must enable time synchronization daemon.

AUDIT AND ACCOUNTABILITY

APPL-14-001001 - The macOS system must be configured to audit all administrative action events.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001002 - The macOS system must be configured to audit all log on and log out events.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001003 - The macOS system must enable security auditing.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001010 - The macOS system must configure system to shut down upon audit failure.

AUDIT AND ACCOUNTABILITY

APPL-14-001012 - The macOS system must configure audit log files to be owned by root.

AUDIT AND ACCOUNTABILITY

APPL-14-001013 - The macOS system must configure audit log folders to be owned by root.

AUDIT AND ACCOUNTABILITY

APPL-14-001014 - The macOS system must configure audit log files group to wheel.

AUDIT AND ACCOUNTABILITY

APPL-14-001015 - The macOS system must configure audit log folders group to wheel.

AUDIT AND ACCOUNTABILITY

APPL-14-001016 - The macOS system must configure audit log files to mode 440 or less permissive.

AUDIT AND ACCOUNTABILITY

APPL-14-001017 - The macOS system must configure audit log folders to mode 700 or less permissive.

AUDIT AND ACCOUNTABILITY

APPL-14-001020 - The macOS system must be configured to audit all deletions of object attributes.

AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001021 - The macOS system must be configured to audit all changes of object attributes.

AUDIT AND ACCOUNTABILITY, MAINTENANCE

APPL-14-001022 - The macOS system must be configured to audit all failed read actions on the system.

AUDIT AND ACCOUNTABILITY

APPL-14-001023 - The macOS system must be configured to audit all failed write actions on the system.

AUDIT AND ACCOUNTABILITY

APPL-14-001024 - The macOS system must be configured to audit all failed program execution on the system.

AUDIT AND ACCOUNTABILITY

APPL-14-001029 - The macOS system must configure audit retention to seven days.

AUDIT AND ACCOUNTABILITY

APPL-14-001030 - The macOS system must configure audit capacity warning.

AUDIT AND ACCOUNTABILITY