Item Search

NameAudit NamePluginCategory
AOSX-13-001140 - The macOS system must be configured with iTunes Music Sharing disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001145 - All setuid executables on the macOS system must be documented.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001200 - The macOS system must ignore IPv4 ICMP redirect messages.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001327 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-002050 - The macOS system must be configured to disable AirDrop.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-002085 - The macOS system must enforce a 60-day maximum password lifetime restriction.DISA STIG Apple Mac OSX 10.13 v2r5Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-13-002105 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - aslDISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-13-002105 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslogDISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - newsyslogDISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-14-000007 - The macOS system must be configured to disable hot corners - bottom rightDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000007 - The macOS system must be configured to disable hot corners - top leftDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000013 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - FileVault UserDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD currently runningDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-001012 - The macOS system must be configured with audit log files owned by root.DISA STIG Apple Mac OSX 10.14 v2r6Unix

AUDIT AND ACCOUNTABILITY

AOSX-14-001013 - The macOS system must be configured with audit log folders owned by root.DISA STIG Apple Mac OSX 10.14 v2r6Unix

AUDIT AND ACCOUNTABILITY

AOSX-14-002006 - The macOS system must be configured to disable the UUCP service.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002009 - The macOS system must be configured to disable AirDrop.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002023 - The macOS system must be configured to disable the application Calendar.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002037 - The macOS system must be configured to disable the Cloud Storage Setup services.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002038 - The macOS system must be configured to disable the tftpd service.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanesDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002054 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetoothDISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.DISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-002063 - The macOS system must disable the guest account.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissionsDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory permissionsDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-003002 - The macOS system must enable certificate for smartcards.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthenticationDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCardDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthenticationDISA STIG Apple Mac OSX 10.14 v2r6Unix

MAINTENANCE

AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003052 - The macOS system must be configured so that the sudo command requires smart card authentication.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASLDISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-14-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASLDISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-14-005050 - The macOS Application Firewall must be enabled.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-15-000007 - The macOS system must be configured to disable hot corners - bottom leftDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000007 - The macOS system must be configured to disable hot corners - top rightDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000016 - The macOS system must be integrated into a directory services infrastructure.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner textDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL

AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.DISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-15-001012 - The macOS system must be configured with audit log files owned by root.DISA STIG Apple Mac OSX 10.15 v1r10Unix

AUDIT AND ACCOUNTABILITY

AOSX-15-001031 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.DISA STIG Apple Mac OSX 10.15 v1r10Unix

AUDIT AND ACCOUNTABILITY

AOSX-15-002001 - The macOS system must be configured to disable SMB File Sharing unless it is required.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002006 - The macOS system must be configured to disable the UUCP service.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002009 - The macOS system must be configured to disable AirDrop - allowAirDropDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002009 - The macOS system must be configured to disable AirDrop - DisableAirDropDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002013 - The macOS system must be configured to disable the iCloud Reminders services.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002016 - The macOS system must be configured to disable the iCloud Notes services.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT