Item Search

NameAudit NamePluginCategory
1.3 Ensure Download New Updates When Available Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3 Ensure Download New Updates When Available Is EnabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4 Ensure Install of macOS Updates Is EnabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure Install Application Updates from the App Store Is EnabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure "Set time and date automatically" Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

2.1.2 Ensure Time Is Set Within Appropriate LimitsCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

2.2.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL

2.3.1 Ensure Remote Apple Events Is DisabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3 Ensure Gatekeeper Is EnabledCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

SYSTEM AND INFORMATION INTEGRITY

2.4.1.1 Ensure Firewall Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.4.3 Ensure a Custom Message for the Login Screen Is EnabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.3 Ensure Limit Ad Tracking Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT

2.4.5 Ensure Show Password Hints Is DisabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.1 Ensure Users' Accounts Do Not Have a Password HintCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

2.6.1 Ensure Guest Account Is DisabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

2.6.1.3 Audit iCloud DriveCIS Apple macOS 10.14 v2.0.0 L2Unix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.4 Ensure Security Auditing Retention Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

3.4 Ensure Security Auditing Retention Is EnabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

AUDIT AND ACCOUNTABILITY

3.6 Ensure Firewall Logging Is Enabled and ConfiguredCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure Bonjour Advertising Services Is DisabledCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.2 Ensure HTTP Server Is DisabledCIS Apple macOS 11.0 Big Sur v4.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.3 Ensure HTTP Server Is DisabledCIS Apple macOS 10.15 Catalina v3.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.4 Ensure http server is not runningCIS Apple macOS 10.12 L1 v1.2.0Unix

CONFIGURATION MANAGEMENT

4.4 Ensure http server is not runningCIS Apple macOS 10.13 L1 v1.1.0Unix

CONFIGURATION MANAGEMENT

5.1.1 Ensure Home Folders Are SecureCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.1 Ensure Home Folders Are SecureCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT

5.1.5 Ensure Appropriate Permissions Are Enabled for System Wide ApplicationsCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.7 Ensure No World Writable Files Exist in the Library FolderCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.1 Ensure Password Account Lockout Threshold Is ConfiguredCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL

5.2.4 Ensure Complex Password Must Contain Numeric Character Is ConfiguredCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

5.2.4 Ensure Complex Password Must Contain Numeric Character Is ConfiguredCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is ConfiguredCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L2Unix

IDENTIFICATION AND AUTHENTICATION

5.2.7 Ensure Password Age Is ConfiguredCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL

5.3 Ensure the Sudo Timeout Period Is Set to ZeroCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL

5.3 Ensure the Sudo Timeout Period Is Set to ZeroCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL

5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty ComboCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL

5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty ComboCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL

5.4.4 Ensure clusters are created with Private NodesCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2GCP

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked SessionCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

ACCESS CONTROL

5.7 Ensure a Login Window Banner ExistsCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.7 Ensure an Administrator Account Cannot Log In to Another User's Active and Locked SessionCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

ACCESS CONTROL

5.8 Ensure the Guest Home Folder Does Not ExistCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure Users' Accounts Do Not Have a Password HintCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

5.10 Ensure Secure Keyboard Entry Terminal.app Is EnabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT

5.11 Ensure XProtect Is Running and UpdatedCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

SYSTEM AND INFORMATION INTEGRITY

6.1.2 Ensure Show Password Hints Is DisabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

8.4 (L1) VMware Tools on deployed virtual machines must prevent being recustomizedCIS VMware ESXi 8.0 v1.1.0 L1VMware

CONFIGURATION MANAGEMENT, MAINTENANCE

AOSX-15-002037 - The macOS system must be configured to disable the Cloud Storage Setup services.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT