1.1 Verify all application software is current | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.2 Enable Auto Update | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.1.1.4 Audit Security Keys Used With Apple Accounts | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1.1.4 Audit Security Keys Used With AppleIDs | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1.3 Show Bluetooth status in menu bar | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.3 Disable Screen Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.4.7 Disable Bluetooth Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
2.4.12 Ensure Media Sharing Is Disabled | CIS Apple macOS 12.0 Monterey v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - AutoSubmit | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Siri Opt-In | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Submission | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.8 Disable sending diagnostic and usage data to Apple | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
2.6.1 Enable FileVault - Encryption Type | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.2 Enable Gatekeeper | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 0' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.2 Enable Auditing of Incoming Network Connections | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Defend against Denial of Service Attacks | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
4.4 Enable Auditing of Process and Privilege Events | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Ensure http server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
5.1.3 Check System Wide Applications for appropriate permissions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.3 Complex passwords must contain an Alphabetic Character - 'Policy Check' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
5.2.7 Password Age | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.8 Disable automatic login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.11 Disable ability to login to another user's active and locked session | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.12 Create a custom message for the Login Screen | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
5.14 Do not enter a password-related hint | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
6.1.3 Disable guest account login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
Big Sur - Disable Remote Apple Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Big Sur - Disable Remote Apple Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
NIST_macOS_Monterey_800-53r5_high_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | |
NIST_macOS_Monterey_cnssi-1253_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | |