Revision 1.21Jul 24, 2018
Informational Update
- OSX00010 - Do not install unnecessary packages.
- OSX00012 - Verify file permissions
- OSX00015 - Create administrator accounts with difficult-to-guess names
- OSX00055/OSX00670- Application software updates/Operating System Updates
- OSX00115 - Securely configure LDAPv3 access
- OSX00120 - LDAP Authentication, Use authentication when connecting to LDAPv3.
- OSX00121 - Disable clear text passwords for all LDAPv3 directories
- OSX00122 - Digitally sign all LDAPv3 packets
- OSX00123 - Encrypt all LDAPv3 packets
- OSX00124 - LDAPv3 Block man-in-the-middle attacks
- OSX00125 - Securely configure Active Directory Access
- OSX00160 - Install an antivirus tool
- OSX00200 - Disable ability for administrative accounts to unlock Screen Saver
- OSX00280 - Set the correct date and time - 'date'
- OSX00280 - Set the correct date and time - 'time'
- OSX00290 - Disable Auto Update feature
- OSX00335 - Do not use password-related hint field
- OSX00370 - Battery Options - 'systemsetup -getwaitforstartupafterpowerfailure'
- OSX00385 - Disable unused hardware devices for Airport
- OSX00395 - Disable unused hardware devices for Firewire
- OSX00400 - Disable IPv6 - 'IPv6 interface listing'
- OSX00405 - Disable Auto play of movies.
- OSX00410 - Disable disk cache of movies
- OSX00415 - Securely configure QuickTime Advanced preferences
- OSX00450 - Pair infrared receiver with a specific IR remote (if receiver was not disabled previously)
- OSX00467 - Disable Bonjour
- OSX00470 - Do not allow DVD or CD Sharing
- OSX00480 - File Sharing - com.apple.smb.server
- OSX00480 - File Sharing - unload '/System/Library/LaunchDaemons/com.apple.AppleFileServer.plist'
- OSX00480 - File Sharing - unload '/System/Library/LaunchDaemons/ftp.plist'
- OSX00480 - File Sharing - unload '/System/Library/LaunchDaemons/nmbd.plist'
- OSX00480 - File Sharing - unload '/System/Library/LaunchDaemons/smbd.plist'
- OSX00490-Web Sharing - unload '/System/Library/LaunchDaemons/org.apache.httpd.plist'
- OSX00500 - Do not allow Remote Management
- OSX00505 - Remote Apple Events - unload '/System/Library/LaunchDaemons/eppc.plist'
- OSX00505-Remote Apple Events - unload '/System/Library/LaunchDaemons/com.apple.InternetSharing.plist'
- OSX00525 - Configure Mail using SSL
- OSX00530 - Disable iTunes Store
- OSX00535 - Set Finder to always empty Trash securely
- OSX00540 - Remove iDisk from Finder sidebar
- OSX00660 - Physical Security
- OSX00665 - Shared User Accounts are not permitted on the system
- OSX00675 - System Recovery Backups
- OSX00685 - Emergency Administrator Account
- OSX00690 - Administrator Account Password Changes
- OSX00695 - Application Account Passwords
- OSX00700 - Enable Automatic Screen Saver initiation when token removed from machine
- OSX00705 - Securely configure Spotlight Panel
Miscellaneous
- Metadata updated.
- Platform check updated.
- References updated.
Added
- DISA_STIG_MacOSX_10.5_v1r2.audit