Apr 2, 2021 Miscellaneous- Audit deprecated.
- Metadata updated.
|
Sep 29, 2020 |
Jul 14, 2020 |
Apr 22, 2020 |
May 21, 2019 Functional Update- AOSX-10-000187 - The system must display the DoD Notice and Consent Banner before granting access to the system via SSH.
|
Mar 12, 2019 Functional Update- AOSX-10-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - 'PolicyBanner.rtf text'
- AOSX-10-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - 'PolicyBanner.rtfd text'
- AOSX-10-000186 - The SSH banner must contain the Standard Mandatory DoD Notice and Consent Banner. - '/etc/banner'
- AOSX-10-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'PolicyBanner.rtf text'
- AOSX-10-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'PolicyBanner.rtfd text'
|
Feb 8, 2019 Miscellaneous- Metadata updated.
- References updated.
|
Dec 14, 2018 Informational Update- AOSX-10-001145 - All setuid executables on the system must be vendor-supplied.
|
Jul 24, 2018 Informational Update- AOSX-10-000010 - The operating system must initiate a session lock after a 15-minute period of inactivity.
- AOSX-10-000035 - The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
- AOSX-10-000050 - The rshd service must be disabled.
- AOSX-10-000110 - The operating system must automatically remove or disable temporary user accounts after 72 hours.
- AOSX-10-000115 - The operating system must be configured such that emergency administrator accounts are never automatically disabled.
- AOSX-10-000120 - The operating system must automatically audit account creation.
- AOSX-10-000125 - The operating system must automatically audit account modification.
- AOSX-10-000130 - The operating system must automatically audit account disabling actions.
- AOSX-10-000135 - The operating system must automatically audit account removal actions.
- AOSX-10-000155 - The system firewall must be configured with a default-deny policy.
- AOSX-10-000186 - The SSH banner must contain the Standard Mandatory DoD Notice and Consent Banner. - '/etc/banner'
- AOSX-10-000186 - The SSH banner must contain the Standard Mandatory DoD Notice and Consent Banner. - 'Banner Content'
- AOSX-10-000187 - The system must display the DoD Notice and Consent Banner before granting access to the system via SSH.
- AOSX-10-000240 - System must provide audit record generation capability for DoD-defined auditable events for all system components.
- AOSX-10-000305 - System must provide an immediate warning to the SA and ISSO when allocated audit record storage volume reaches 75%.
- AOSX-10-000330 - System must compare internal system clocks at least every 24 hours with an approved server.
- AOSX-10-000430 - The Security assessment policy subsystem must be enabled.
- AOSX-10-000435 - The operating system must limit privileges to change software resident within software libraries.
- AOSX-10-000460 - System must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
- AOSX-10-000475 - The application FaceTime must be removed.
- AOSX-10-000480 - The application Game Center must be removed.
- AOSX-10-000490 - The application Messages must be removed.
- AOSX-10-000505 - The application Calendar must be removed.
- AOSX-10-000507 - The application Reminders must be removed.
- AOSX-10-000510 - The application Contacts must be removed.
- AOSX-10-000515 - The application Mail must be removed.
- AOSX-10-000520 - The system preference panel iCloud must be removed.
- AOSX-10-000530 - Sending diagnostic and usage data to Apple must be disabled.
- AOSX-10-000531 - Find My Mac must be disabled.
- AOSX-10-000532 - Find My Mac messenger must be disabled.
- AOSX-10-000535 - Location Services must be disabled.
- AOSX-10-000545 - Bonjour multicast advertising must be disabled on the system.
- AOSX-10-000550 - The UUCP service must be disabled.
- AOSX-10-000570 - The operating system must implement replay-resistant authentication mechanisms for network access to privileged accounts.
- AOSX-10-000575 - System must implement replay-resistant authentication mechanisms for network access to non-privileged accounts.
- AOSX-10-000585 - Operating systems must enforce password complexity by requiring that at least one numeric character be used.
- AOSX-10-000750 - System must issue or obtain public key certificates under an appropriate certificate policy.
- AOSX-10-000780 - The operating system must protect the confidentiality and integrity of all information at rest.
- AOSX-10-000785 - System must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
- AOSX-10-000786 - System must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
- AOSX-10-000835 - System must employ automated mechanisms to determine the state of system components with regard to flaw remediation.
- AOSX-10-000975 - Remote Apple Events must be disabled.
- AOSX-10-001235 - Unused network devices must be disabled.
- AOSX-10-001270 - Internet Sharing must be disabled.
- AOSX-10-001355 - The operating system must shut down by default upon audit failure (unless availability is an overriding concern).
- AOSX-10-001465 - System must employ automated mechanisms to detect the presence of unauthorized software.
- AOSX-10-002050 - AirDrop must be disabled.
- AOSX-10-002055 - All users must use PKI authentication for login and privileged access.
- AOSX-10-002085 - Operating systems must enforce a 60-day maximum password lifetime restriction.
- AOSX-10-002110 - The operating system must audit the enforcement actions used to restrict access associated with changes to the system.
- AOSX-10-002115 - Operating systems sessions must audit non-local maintenance and diagnostic sessions organization-defined audit events.
Miscellaneous- Metadata updated.
- Platform check updated.
- References updated.
Added- DISA_STIG_MacOSX_10.10_v1r5.audit
|
