DISA STIG Apple Mac OSX 10.11 v1r6

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Apple Mac OSX 10.11 v1r6

Updated: 4/2/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.9

Estimated Item Count: 129

Audit Items

Description	Categories
AOSX-11-000005 - The system must conceal, via the session lock, info previously visible on the display with a publicly viewable image.	ACCESS CONTROL
AOSX-11-000010 - The operating system must initiate a session lock after a 15-minute period of inactivity.	ACCESS CONTROL
AOSX-11-000020 - The system must retain the session lock until the user reestablishes access using established ident and auth procedures.	ACCESS CONTROL
AOSX-11-000030 - The operating system must monitor remote access methods.	AUDIT AND ACCOUNTABILITY
AOSX-11-000035 - The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.	CONFIGURATION MANAGEMENT
AOSX-11-000050 - The rshd service must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000055 - The operating system must enforce requirements for remote connections to the information system.	CONFIGURATION MANAGEMENT
AOSX-11-000065 - The Bluetooth software driver must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000070 - Wi-Fi support software must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000075 - Infrared [IR] support must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000085 - Automatic actions must be disabled for blank CDs.	CONFIGURATION MANAGEMENT
AOSX-11-000090 - Automatic actions must be disabled for blank DVDs.	CONFIGURATION MANAGEMENT
AOSX-11-000095 - Automatic actions must be disabled for music CDs.	CONFIGURATION MANAGEMENT
AOSX-11-000100 - Automatic actions must be disabled for picture CDs.	CONFIGURATION MANAGEMENT
AOSX-11-000105 - Automatic actions must be disabled for video DVDs.	CONFIGURATION MANAGEMENT
AOSX-11-000110 - The operating system must automatically remove or disable temporary user accounts after 72 hours.
AOSX-11-000115 - The operating system must be configured such that emergency administrator accounts are never automatically disabled.
AOSX-11-000120 - The system must generate audit records for all account creations, modifications, disabling, and termination events.	AUDIT AND ACCOUNTABILITY
AOSX-11-000139 - SMB File Sharing must be disabled unless required.	CONFIGURATION MANAGEMENT
AOSX-11-000140 - Apple File (AFP) Sharing must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000141 - The NFS daemon must be disabled unless required.	CONFIGURATION MANAGEMENT
AOSX-11-000142 - The NFS lock daemon must be disabled unless required.	CONFIGURATION MANAGEMENT
AOSX-11-000143 - The NFS stat daemon must be disabled unless required.	CONFIGURATION MANAGEMENT
AOSX-11-000155 - The system firewall must be configured with a default-deny policy.
AOSX-11-000186 - The SSH banner must contain the Standard Mandatory DoD Notice and Consent Banner.	ACCESS CONTROL
AOSX-11-000187 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.	ACCESS CONTROL
AOSX-11-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'Banner file exist'	ACCESS CONTROL
AOSX-11-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'Banner file text'	ACCESS CONTROL
AOSX-11-000200 - The system must generate audit records for DoD defined events.	AUDIT AND ACCOUNTABILITY
AOSX-11-000230 - The operating system must initiate session audits at system startup.	AUDIT AND ACCOUNTABILITY
AOSX-11-000295 - The system must allocate audit record storage capacity to store at least one weeks worth of audit records.	AUDIT AND ACCOUNTABILITY
AOSX-11-000305 - The system must provide an immediate real-time alert of all audit failure events requiring real-time alerts.	AUDIT AND ACCOUNTABILITY
AOSX-11-000310 - The system must provide an immediate real-time alert of all audit failure events requiring real-time alerts.	AUDIT AND ACCOUNTABILITY
AOSX-11-000330 - The system must, for networked systems, compare internal system clocks at least every 24 hours with a server.	AUDIT AND ACCOUNTABILITY
AOSX-11-000331 - Audit log files must be owned by root.	AUDIT AND ACCOUNTABILITY
AOSX-11-000332 - Audit log folders must be owned by root.	AUDIT AND ACCOUNTABILITY
AOSX-11-000333 - Audit log files must be group-owned by wheel.	AUDIT AND ACCOUNTABILITY
AOSX-11-000334 - Audit log folders must be group-owned by wheel.	AUDIT AND ACCOUNTABILITY
AOSX-11-000335 - Audit log files must be mode 440 or less permissive.	AUDIT AND ACCOUNTABILITY
AOSX-11-000336 - Audit log folders must have mode 700 or less permissive.	AUDIT AND ACCOUNTABILITY
AOSX-11-000337 - Log files must not contain ACLs.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
AOSX-11-000338 - Log folders must not contain ACLs.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
AOSX-11-000430 - The Security assessment policy subsystem must be enabled.	CONFIGURATION MANAGEMENT
AOSX-11-000435 - The operating system must limit privileges to change software resident within software libraries.	SYSTEM AND INFORMATION INTEGRITY
AOSX-11-000455 - A configuration profile must be installed.	CONFIGURATION MANAGEMENT
AOSX-11-000460 - The system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.	CONFIGURATION MANAGEMENT
AOSX-11-000475 - The application FaceTime must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000480 - The application Game Center must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000490 - The application Messages must be disabled.	CONFIGURATION MANAGEMENT
AOSX-11-000505 - The application Calendar must be disabled.	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA STIG Apple Mac OSX 10.11 v1r6

Warning! Audit Deprecated

Audit Details

Audit Items