DISA STIG Apple Mac OSX 10.9 v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Apple Mac OSX 10.9 v1r2

Updated: 4/2/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.9

Estimated Item Count: 148

Audit Items

Description	Categories
AOSX-09-000005 - The operating system must conceal, via the session lock, information previously visible on the display with an image.	ACCESS CONTROL
AOSX-09-000010 - The operating system must initiate a session lock after a 15-minute period of inactivity.	ACCESS CONTROL
AOSX-09-000020 - System must retain session lock until user reestablishes access using identification and authentication procedures.	ACCESS CONTROL
AOSX-09-000030 - The operating system must monitor remote access methods.	AUDIT AND ACCOUNTABILITY
AOSX-09-000035 - The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.	CONFIGURATION MANAGEMENT
AOSX-09-000040 - The operating system must implement cryptography to protect the integrity of remote access sessions.	CONFIGURATION MANAGEMENT
AOSX-09-000050 - The rshd service must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000055 - The operating system must enforce requirements for remote connections to the information system.	CONFIGURATION MANAGEMENT
AOSX-09-000065 - The Bluetooth software driver must be removed - 'IOBluetoothFamily.kext'	CONFIGURATION MANAGEMENT
AOSX-09-000065 - The Bluetooth software driver must be removed - 'IOBluetoothHIDDriver.kext'	CONFIGURATION MANAGEMENT
AOSX-09-000070 - Wi-Fi support software must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000075 - Infrared [IR] support must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000085 - Automatic actions must be disabled for blank CDs.	CONFIGURATION MANAGEMENT
AOSX-09-000090 - Automatic actions must be disabled for blank DVDs.	CONFIGURATION MANAGEMENT
AOSX-09-000095 - Automatic actions must be disabled for music CDs.	CONFIGURATION MANAGEMENT
AOSX-09-000100 - Automatic actions must be disabled for picture CDs.	CONFIGURATION MANAGEMENT
AOSX-09-000105 - Automatic actions must be disabled for video DVDs.	CONFIGURATION MANAGEMENT
AOSX-09-000110 - The operating system must automatically remove or disable temporary user accounts after 72 hours.
AOSX-09-000115 - The operating system must be configured such that emergency administrator accounts are never automatically disabled.
AOSX-09-000120 - The operating system must automatically audit account creation.	AUDIT AND ACCOUNTABILITY
AOSX-09-000125 - The operating system must automatically audit account modification.	AUDIT AND ACCOUNTABILITY
AOSX-09-000130 - The operating system must automatically audit account disabling actions.	AUDIT AND ACCOUNTABILITY
AOSX-09-000135 - The operating system must automatically audit account removal actions.	AUDIT AND ACCOUNTABILITY
AOSX-09-000139 - SMB File Sharing must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000140 - Apple File (AFP) Sharing must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000141 - The NFS daemon must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000142 - The NFS lock daemon must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000143 - The NFS stat daemon must be disabled.	CONFIGURATION MANAGEMENT
AOSX-09-000155 - The system firewall must be configured with a default-deny policy.
AOSX-09-000170 - The operating system must generate audit records for privileged activities or other system-level access.	AUDIT AND ACCOUNTABILITY
AOSX-09-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - '/etc/motd Banner'	ACCESS CONTROL
AOSX-09-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - '/etc/motd'	CONFIGURATION MANAGEMENT
AOSX-09-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - 'PolicyBanner.rtf text'	ACCESS CONTROL
AOSX-09-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - 'PolicyBanner.rtfd text'	ACCESS CONTROL
AOSX-09-000185 - System must display the DoD Notice and Consent Banner before granting access to the system - PolicyBanner.rtfd	ACCESS CONTROL
AOSX-09-000195 - Publically accessible connections to system must display the DoD Banner before granting access - '/etc/motd Banner'	ACCESS CONTROL
AOSX-09-000195 - Publically accessible connections to system must display the DoD Banner before granting access - '/etc/motd'	CONFIGURATION MANAGEMENT
AOSX-09-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'PolicyBanner.rtf text'	ACCESS CONTROL
AOSX-09-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'PolicyBanner.rtfd text'	ACCESS CONTROL
AOSX-09-000195 - Publically accessible connections to system must display the DoD Banner before granting access - 'PolicyBanner.rtfd'	ACCESS CONTROL
AOSX-09-000200 - The operating system must generate audit records when successful/unsuccessful logon attempts occur.	AUDIT AND ACCOUNTABILITY
AOSX-09-000230 - The operating system must initiate session audits at system startup.	AUDIT AND ACCOUNTABILITY
AOSX-09-000240 - System must provide audit record generation capability for DoD-defined auditable events for all system components.	AUDIT AND ACCOUNTABILITY
AOSX-09-000245 - System must generate audit records for all account creations, modifications, disabling, and termination events.	AUDIT AND ACCOUNTABILITY
AOSX-09-000295 - System must allocate audit record storage capacity to store at least one weeks worth of audit records.	AUDIT AND ACCOUNTABILITY
AOSX-09-000305 - System must provide an immediate warning to the SA and ISSO when allocated audit record storage volume reaches 75%.	AUDIT AND ACCOUNTABILITY
AOSX-09-000310 - System must provide an immediate real-time alert to the SA and ISSO of all audit failure events requiring real-time alerts.	AUDIT AND ACCOUNTABILITY
AOSX-09-000330 - System must compare internal system clocks at least every 24 hours with an approved server.	AUDIT AND ACCOUNTABILITY
AOSX-09-000331 - Audit log files must be owned by root.	AUDIT AND ACCOUNTABILITY
AOSX-09-000332 - Audit log folders must be owned by root.	AUDIT AND ACCOUNTABILITY

Detections

Analytics

DISA STIG Apple Mac OSX 10.9 v1r2

Warning! Audit Deprecated

Audit Details

Audit Items