Item Search

NameAudit NamePluginCategory
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tl-cornerDISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000020 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-13-000057 - The macOS system must enforce requirements for remote connections to the informationDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

AOSX-13-000139 - The macOS system must be configured to disable SMB File Sharing unless it is required.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000140 - The macOS system must be configured to disable Apple File (AFP) Sharing.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000187 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000335 - The macOS system must be configured with audit log files set to mode 440 or less permissive.DISA STIG Apple Mac OSX 10.13 v2r5Unix

AUDIT AND ACCOUNTABILITY

AOSX-13-000530 - The macOS system must be configured to disable sending diagnostic and usage data to Apple.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000531 - The macOS system must be configured to disable the iCloud Find My Mac service.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000550 - The macOS system must be configured to disable the UUCP service.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000552 - The macOS system must obtain updates from a DoD-approved update server.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000557 - The macOS system must disable iCloud Back to My Mac feature.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000561 - The macOS system must disable iCloud Photo Library - com.apple.preferences.icloudDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA STIG Apple Mac OSX 10.13 v2r5Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessmentDISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000720 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less.DISA STIG Apple Mac OSX 10.13 v2r5Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000965 - The macOS system must be configured with Bluetooth Sharing disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001211 - The macOS system must not send IPv6 ICMP redirects by default.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001215 - The macOS system must prevent local applications from generating source-routed packets.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001235 - The macOS system must have unused network devices disabled.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001275 - The macOS system must be configured to disable Web Sharing.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-001465 - The macOS system must use a DoD antivirus program.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-002060 - The macOS system must be integrated into a directory services infrastructure.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-100001 - The macOS system must be a supported release.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-14-000005 - The macOS system must be configured to lock the user session when a smart token is removed.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000007 - The macOS system must be configured to disable hot corners - top rightDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000016 - The macOS system must be integrated into a directory services infrastructure.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-14-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - DisableFDEAutologinDISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL

AOSX-14-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less.DISA STIG Apple Mac OSX 10.14 v2r6Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.DISA STIG Apple Mac OSX 10.14 v2r6Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-001015 - The macOS system must be configured with audit log folders group-owned by wheel.DISA STIG Apple Mac OSX 10.14 v2r6Unix

AUDIT AND ACCOUNTABILITY

AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory permissionsDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public permissionsDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used.DISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - enforceSmartCardDISA STIG Apple Mac OSX 10.15 v1r10Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-15-003050 - The macOS system must be configured so that the login command requires smart card authentication.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-005050 - The macOS Application Firewall must be enabled. - EnableStealthModeDISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AOSX-15-005051 - The macOS system must restrict the ability to utilize external writable media devices.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

Check if MRT service is runningDISA STIG Apple Mac OSX 10.15 v1r10Unix