2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | ACCESS CONTROL |
2.4 Configure TCP Wrappers - enable tcp_wrappers for inetd | CIS Solaris 10 L1 v5.2 | Unix | |
2.4 Configure TCP Wrappers - enable tcp_wrappers for rpc/bind. Note: This check is recommended by CIS, but not required. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
2.4.9 Disable Remote Management - 'ARDAgent is not running' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
2.6.6 Enable Location Services | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.7.2 iCloud keychain | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.3 Enable Debug Level Daemon Logging - Check if daemon.debug is set to /var/log/connlog | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
4.3 Enable Debug Level Daemon Logging/4.4 Capture syslog AUTH Messages - Check if svc:/system/system-log is online | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Capture syslog AUTH Messages - Check if auth.info is set to var/log/authlog | CIS Solaris 10 L1 v5.2 | Unix | |
4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
4.9 Enable Kernel Level Auditing - Check audit condition is set to auditing | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
5.1.1 Secure Home Folders | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.3 Complex passwords must contain an Alphabetic Character - 'Policy Check' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
5.2.4 Complex passwords must contain a Numeric Character - 'Policy Check' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.4 Automatically lock the login keychain for inactivity | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.8 Disable automatic login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
5.13 Create a Login window banner | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | ACCESS CONTROL |
5.16 Secure individual keychains and items | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
5.18 System Integrity Protection status | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
6.1.3 Disable guest account login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
7.2 iSight Camera Privacy and Confidentiality Concerns | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
7.2 Set Password Expiration Parameters on Active Accounts - Check MAXWEEKS is set to 13 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - Check DICTIONDBDIR is set to /var/passwd | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - Check MAXREPEATS is set to 0 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YES | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - MINALPHA is set to 2 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.3 Set Strong Password Creation Policies - MINNONALPHA is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.7 App Store Automatically download apps purchased on other Macs Considerations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
7.8 Set 'mesg n' as Default for All Users in /etc/.login | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
7.8 Set 'mesg n' as Default for All Users in /etc/profile | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
7.9 Lock Inactive User Accounts - Check if definact is set to 35. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |