1.1 Verify all Apple provided software is current | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.2 Enable Auto Update Checks | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.2.1 - MobileIron - Disable JavaScript | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.1 - MobileIron - Disable JavaScript | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.3 - MobileIron - Disable Auto Fill for Contact Information | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.4 - MobileIron - Disable Auto Fill for Names and Passwords | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.5 - MobileIron - Disable Auto Fill for Credit Card Information | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.5 - MobileIron - Disable Auto Fill for Credit Card Information | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.2.7 - MobileIron - Delete Saved Credit Card Information | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
1.3 Enable app update installs | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4 Enable system data files and security update installs - ConfigDataInstall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
2.1.2 Turn off Bluetooth "Discoverable" mode when not pairing devices | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.3 Restrict NTP server to loopback interface | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.4 Set a screen corner to Start Screen Saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
2.4.2 Disable Internet Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.4.6 Disable DVD or CD Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.4.8 Disable File Sharing - smb | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.6.1 Enable FileVault - Encryption Status | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.2 Enable Gatekeeper | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.5 Review Application Firewall Rules | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.4 Ensure http server is not running | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
4.5 Ensure ftp server is not running | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.1 Secure Home Folders | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.2.2 Set a minimum password length | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.3 Complex passwords must contain an Alphabetic Character | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.4 Complex passwords must contain a Numeric Character | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.5 Complex passwords must contain a Symbolic Character | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.8 Disable automatic login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.9 Require a password to wake the computer from sleep or screen saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.14 Do not enter a password-related hint | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
6.1.1 Display login window as name and password | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.1.3 Disable guest account login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.1.4 Disable "Allow guests to connect to shared folders" | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.2 Turn on filename extensions | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
7.6 Automatic Actions for Optical Media | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
Remote control infrared receiver disabled | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |