2.3.1 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.1.2 Ensure AirPlay Receiver Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.13 Ensure AirPlay Receiver Is Disabled | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.6.3 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
AOSX-13-000141 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
AOSX-13-000507 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000518 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000523 - The macOS system must be configured to disable Siri and dictation. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000551 - The macOS system must disable the Touch ID feature. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000553 - The macOS system must not have a root account. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000559 - The macOS system must disable iCloud document synchronization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - SPApplicationsDataType | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000850 - The macOS system must restrict the ability of individuals to use USB storage devices - eject | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-000955 - The macOS system must be configured so that Bluetooth devices are not allowed to wake the computer. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-001205 - The macOS system must not have IP forwarding for IPv4 enabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-001206 - The macOS system must not have IP forwarding for IPv6 enabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-001220 - The macOS system must not process Internet Control Message Protocol [ICMP] timestamp requests. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
AOSX-13-001324 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - asl | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
AOSX-13-002110 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
AOSX-14-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
AOSX-14-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
AOSX-14-000012 - The macOS system must automatically remove or disable temporary user accounts after 72 hours. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
AOSX-15-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
AOSX-15-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AOSX-15-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
AOSX-15-003010 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
AOSX-15-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
AOSX-15-005050 - The macOS Application Firewall must be enabled. - EnableFirewall | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
Check PolicyBanner.rtf file exist | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | |