Item Search

NameAudit NamePluginCategory
AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000335 - The macOS system must be configured with audit log files set to mode 440 or less permissive.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000530 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000531 - The macOS system must be configured to disable the iCloud Find My Mac service.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000550 - The macOS system must be configured to disable the UUCP service.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000552 - The macOS system must obtain updates from a DoD-approved update server.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000557 - The macOS system must disable iCloud Back to My Mac feature.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000561 - The macOS system must disable iCloud Photo Library - com.apple.preferences.icloudDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA STIG Apple Mac OSX 10.13 v2r5Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessmentDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.DISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000965 - The macOS system must be configured with Bluetooth Sharing disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001211 - The macOS system must not send IPv6 ICMP redirects by default.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001215 - The macOS system must prevent local applications from generating source-routed packets.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001235 - The macOS system must have unused network devices disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001275 - The macOS system must be configured to disable Web Sharing.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001465 - The macOS system must use a DoD antivirus program.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-002060 - The macOS system must be integrated into a directory services infrastructure.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-100001 - The macOS system must be a supported release.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-14-000005 - The macOS system must be configured to lock the user session when a smart token is removed.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000007 - The macOS system must be configured to disable hot corners - top rightDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000016 - The macOS system must be integrated into a directory services infrastructure.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - DisableFDEAutologinDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.DISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-001015 - The macOS system must be configured with audit log folders group-owned by wheel.DISA STIG Apple Mac OSX 10.14 v2r6Unix

AUDIT AND ACCOUNTABILITY

AOSX-14-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-002003 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002013 - The macOS system must be configured to disable the iCloud Reminders services.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002014 - The macOS system must be configured to disable iCloud Address Book services.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002017 - The macOS system must cover or disable the built-in or attached camera when not in use.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-002020 - The macOS system must be configured to disable Siri and dictation - Ironwood AllowedDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002034 - The macOS system must be configured to disable the Siri Setup services.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002039 - The macOS system must disable Siri pop-ups.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002043 - The macOS system must disable iCloud photo library - DisabledPreferencePanesDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002049 - The macOS system must disable Cloud Document Sync.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanesDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002064 - The macOS system must have the security assessment policy subsystem enabled.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-002065 - The macOS system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders - Home directory ACLsDISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-14-003010 - The macOS system must enforce a minimum 15-character password length.DISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION