1.1 Verify all Apple provided software is current | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.3 Disable MariaDB Command History - .mysql_history | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | MEDIA PROTECTION |
1.3 Enable app update installs | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4 Enable system data files and security update installs - ConfigDataInstall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
2.1.1 Disable Bluetooth, if no paired devices exist | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.3 Restrict NTP server to loopback interface | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
2.6.1 Enable FileVault - Encryption Type | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.3 Enable Firewall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
2.8.2 Time Machine Volumes Are Encrypted | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Ensure MariaDB is Bound to an IP Address | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
2.11 Require Client-Side Certificates (X.509) | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.1.3 Retain authd.log for 90 or more days | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.2 Enable security auditing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.3 Ensure 'allow-suspicious-udfs' is Set to 'OFF' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
4.4 Ensure http server is not running | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
5.1.1 Secure Home Folders | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.2 Repair permissions regularly to ensure binaries and other System files have appropriate permissions | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.1.3 Check System Wide Applications for appropriate permissions | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.1.4 Check System folder for world writable files | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.2.1 Configure account lockout threshold | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.2.2 Set a minimum password length | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.3 Reduce the sudo timeout period | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.7 Do not enable the "root" account | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.8 Disable automatic login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
5.12 Create a custom message for the Login Screen | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.1.1 Display login window as name and password | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.1.2 Disable "Show password hints" | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
6.1.3 Disable guest account login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
6.3 Ensure 'log_warnings' is Set to '2' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
6.4 Ensure Audit Logging Is Enabled | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
AIOS-17-012650 - Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
allow-suspicious-udfs option file | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | |
CIS VMware ESXi 5.5 v1.2.0 Level 2 | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
NIST_macOS_Monterey_800-53r5_low_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | |
NIST_macOS_Monterey_800-53r5_moderate_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | |
NIST_macOS_Monterey_All_Profiles_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - All Profiles | Unix | |