| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD currently running | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001013 - The macOS system must be configured with audit log folders owned by root. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-002006 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002009 - The macOS system must be configured to disable AirDrop. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002023 - The macOS system must be configured to disable the application Calendar. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002038 - The macOS system must be configured to disable the tftpd service. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002054 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetooth | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-002063 - The macOS system must disable the guest account. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissions | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory permissions | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-003002 - The macOS system must enable certificate for smartcards. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCard | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | MAINTENANCE |
| AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-14-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASL | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-14-005050 - The macOS Application Firewall must be enabled. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - bottom left | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000007 - The macOS system must be configured to disable hot corners - top right | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner text | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002001 - The macOS system must be configured to disable SMB File Sharing unless it is required. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002006 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002009 - The macOS system must be configured to disable AirDrop - allowAirDrop | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002009 - The macOS system must be configured to disable AirDrop - DisableAirDrop | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002016 - The macOS system must be configured to disable the iCloud Notes services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003010 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-005050 - The macOS Application Firewall must be enabled. - EnableFirewall | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| Check PolicyBanner.rtf file exist | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | |
