Item Search

NameAudit NamePluginCategory
2.3.1 Ensure Sending Diagnostic and Usage Data to Apple Is DisabledCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.1.2 Ensure AirPlay Receiver Is DisabledCIS Apple macOS 13.0 Ventura v3.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.10 Ensure Media Sharing Is DisabledCIS Apple macOS 15.0 Sequoia v1.0.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.13 Ensure AirPlay Receiver Is DisabledCIS Apple macOS 12.0 Monterey v3.1.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.3 Ensure Sending Diagnostic and Usage Data to Apple Is DisabledCIS Apple macOS 14.0 Sonoma v2.0.0 L2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.9 Ensure the latest iOS device architecture is used by high-value targetsAirWatch - CIS Apple iOS 17 v1.1.0 End User Owned L2MDM

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

4.9 Ensure the latest iOS device architecture is used by high-value targetsMobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L2MDM

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

4.9 Ensure the latest iOS device architecture is used by high-value targetsAirWatch - CIS Apple iOS 17 Institution Owned L2MDM

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

4.9 Ensure the latest iOS device architecture is used by high-value targetsMobileIron - CIS Apple iOS 17 Institution Owned L2MDM

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000141 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000507 - The macOS system must be configured to disable the iCloud Reminders services.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000518 - The macOS system must cover or disable the built-in or attached camera when not in use.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000523 - The macOS system must be configured to disable Siri and dictation.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000551 - The macOS system must disable the Touch ID feature.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000553 - The macOS system must not have a root account.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000559 - The macOS system must disable iCloud document synchronization.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - SPApplicationsDataTypeDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000850 - The macOS system must restrict the ability of individuals to use USB storage devices - ejectDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000955 - The macOS system must be configured so that Bluetooth devices are not allowed to wake the computer.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001205 - The macOS system must not have IP forwarding for IPv4 enabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001206 - The macOS system must not have IP forwarding for IPv6 enabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001220 - The macOS system must not process Internet Control Message Protocol [ICMP] timestamp requests.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001324 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations.DISA STIG Apple Mac OSX 10.13 v2r5Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - aslDISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND INFORMATION INTEGRITY

AOSX-13-002110 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AOSX-14-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000012 - The macOS system must automatically remove or disable temporary user accounts after 72 hours.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-15-002017 - The macOS system must cover or disable the built-in or attached camera when not in use.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanesDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - DisabledPreferencePanesDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanesDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanesDISA STIG Apple Mac OSX 10.15 v1r10Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-002066 - The macOS system must not allow an unattended or automatic logon to the system.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction.DISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-15-003010 - The macOS system must enforce a minimum 15-character password length.DISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-15-003052 - The macOS system must be configured so that the sudo command requires smart card authentication.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-005050 - The macOS Application Firewall must be enabled. - EnableFirewallDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

Check PolicyBanner.rtf file existDISA STIG Apple Mac OSX 10.15 v1r10Unix