Item Search

NameAudit NamePluginCategory
2.2.2.1 Ensure Remote Apple Events Is DisabledCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.2.2.1 Ensure Remote Apple Events Is DisabledCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.1 Ensure Remote Apple Events Is DisabledCIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5 Ensure the latest iOS device architecture is used by high-value targetsAirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2MDM

SYSTEM AND INFORMATION INTEGRITY

4.5 Ensure the latest iOS device architecture is used by high-value targetsAirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L2MDM

SYSTEM AND INFORMATION INTEGRITY

AIOS-12-011800 - Apple iOS must implement the management setting: not have any Family Members in Family Sharing.MobileIron - DISA Apple iOS 12 v2r1MDM

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

AIOS-13-012100 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection.AirWatch - DISA Apple iOS/iPadOS 13 v2r1MDM

CONFIGURATION MANAGEMENT

AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection.AirWatch - DISA Apple iOS/iPadOS 14 v1r3MDM

CONFIGURATION MANAGEMENT

AIOS-18-011800 - Apple iOS/iPadOS 18 must implement the management setting: force Apple Watch wrist detection.AirWatch - DISA Apple iOS/iPadOS 18 v1r1MDM

CONFIGURATION MANAGEMENT

AOSX-14-002042 - The macOS system must disable iCloud bookmark synchronization.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanesDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopersDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002065 - The macOS system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders - Home directory ownersDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002066 - The macOS system must not allow an unattended or automatic logon to the system.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002067 - The macOS system must prohibit user installation of software without explicit privileged status.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public permissionsDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002069 - The macOS system must authenticate peripherals before establishing a connection.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-002070 - The macOS system must use an approved antivirus program.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-003009 - The macOS system must prohibit password reuse for a minimum of five generations.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthenticationDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003051 - The macOS system must be configured so that the su command requires smart card authentication.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-005001 - The macOS system must enable System Integrity Protection.DISA STIG Apple Mac OSX 10.14 v2r6Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AOSX-15-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

AOSX-15-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.DISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-15-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - FileVault UserDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.DISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0.DISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.DISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).DISA STIG Apple Mac OSX 10.15 v1r10Unix

AUDIT AND ACCOUNTABILITY

AOSX-15-002004 - The macOS system must be configured to disable Location Services.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002005 - The macOS system must be configured to disable Bonjour multicast advertising.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002020 - The macOS system must be configured to disable Siri and dictation - Assistant AllowedDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencePanesDISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissionsDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations.DISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-15-003012 - The macOS system must be configured to prevent displaying password hints.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-003013 - The macOS system must be configured with a firmware password to prevent access to single user mode and booting from alternative media.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthenticationDISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASLDISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-15-005001 - The macOS system must enable System Integrity Protection.DISA STIG Apple Mac OSX 10.15 v1r10Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AOSX-15-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest.DISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-100001 - The macOS system must be a supported release.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

Big Sur - Disable Apple ID Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - 800-53r5 HighUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Apple ID Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - 800-53r5 LowUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Big Sur - Disable Apple ID Setup during Setup AssistantNIST macOS Big Sur v1.4.0 - All ProfilesUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT