Detections
Analytics

DISA Apple macOS 15 (Sequoia) STIG v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Apple macOS 15 (Sequoia) STIG v1r1

Updated: 3/25/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 159

File Details

Filename: DISA_STIG_Apple_macOS_15_Sequoia_v1r1.audit

Size: 243 kB

MD5: d8c4c64a24aac32ed62a6ebd5b75438c
SHA256: 5d9707503313f250e73f1f6ae9b07a8acecd3e6ad6f8bbf764f8ec7ef0c4a700

Audit Items

DescriptionCategories
APPL-15-000001 - The macOS system must prevent Apple Watch from terminating a session lock.
APPL-15-000002 - The macOS system must enforce screen saver password.
APPL-15-000003 - The macOS system must enforce session lock no more than five seconds after screen saver is started.
APPL-15-000005 - The macOS system must configure user session lock when a smart token is removed.
APPL-15-000007 - The macOS system must disable hot corners.
APPL-15-000009 - The macOS system must prevent AdminHostInfo from being available at LoginWindow.
APPL-15-000012 - The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
APPL-15-000014 - The macOS system must enforce time synchronization.
APPL-15-000022 - The macOS system must limit consecutive failed login attempts to three.
APPL-15-000023 - The macOS system must display a policy banner at remote login.
APPL-15-000024 - The macOS system must enforce SSH to display a policy banner.
APPL-15-000025 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at the login window.
APPL-15-000030 - The macOS system must configure audit log files to not contain access control lists (ACLs).
APPL-15-000031 - The macOS system must configure the audit log folder to not contain access control lists (ACLs).
APPL-15-000033 - The macOS system must disable FileVault automatic login.
APPL-15-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.
APPL-15-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.
APPL-15-000053 - The macOS system must set login grace time to 30.
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections.
APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections.
APPL-15-000060 - The macOS system must set account lockout time to 15 minutes.
APPL-15-000070 - The macOS system must enforce screen saver timeout.
APPL-15-000090 - The macOS system must disable login to other users' active and locked sessions.
APPL-15-000100 - The macOS system must disable root login.
APPL-15-000110 - The macOS system must configure the SSH ServerAliveInterval to 900.
APPL-15-000120 - The macOS system must configure SSHD channel timeout to 900.
APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900.
APPL-15-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.
APPL-15-000160 - The macOS system must enforce auto logout after 86400 seconds of inactivity.
APPL-15-000170 - The macOS system must be configured to use an authorized time server.
APPL-15-000180 - The macOS system must enable the time synchronization daemon.
APPL-15-000190 - The macOS system must configure sudo to log events.
APPL-15-001001 - The macOS system must be configured to audit all administrative action events.
APPL-15-001002 - The macOS system must be configured to audit all login and logout events.
APPL-15-001003 - The macOS system must enable security auditing.
APPL-15-001010 - The macOS system must be configured to shut down upon audit failure.
APPL-15-001012 - The macOS system must configure audit log files to be owned by root.
APPL-15-001013 - The macOS system must configure audit log folders to be owned by root.
APPL-15-001014 - The macOS system must configure the audit log files group to wheel.
APPL-15-001015 - The macOS system must configure the audit log folders group to wheel.
APPL-15-001016 - The macOS system must configure audit log files to mode 440 or less permissive.
APPL-15-001017 - The macOS system must configure audit log folders to mode 700 or less permissive.
APPL-15-001020 - The macOS system must be configured to audit all deletions of object attributes.
APPL-15-001021 - The macOS system must be configured to audit all changes of object attributes.
APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system.
APPL-15-001023 - The macOS system must be configured to audit all failed write actions on the system.
APPL-15-001024 - The macOS system must be configured to audit all failed program execution on the system.
APPL-15-001029 - The macOS system must configure audit retention to seven days.
APPL-15-001030 - The macOS system must configure audit capacity warning.
APPL-15-001031 - The macOS system must configure audit failure notification.