CIS Apple macOS 10.12 L2 v1.2.0

Audit Details

Name: CIS Apple macOS 10.12 L2 v1.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 50

File Details

Filename: CIS_Apple_macOS_10.12_v1.2.0_Level_2.audit

Size: 95.9 kB

MD5: f0af57c15a8b99c266a80aff49c836b6
SHA256: ed254bc0a9c4714d9d20e72c64b687fce758da2e5e9c129a28c42441ce9e53c4

Audit Items

DescriptionCategories
2.3.2 Secure screen saver corners - bottom left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - bottom right corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top right corner

ACCESS CONTROL

2.6.6 Enable Location Services

CONFIGURATION MANAGEMENT

2.6.7 Monitor Location Services Access

CONFIGURATION MANAGEMENT

2.6.7 Monitor Location Services Access - evaluate application

AUDIT AND ACCOUNTABILITY

2.6.8 Disable sending diagnostic and usage data to Apple

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.7.1 iCloud configuration

ACCESS CONTROL

2.7.2 iCloud keychain

ACCESS CONTROL

2.7.3 iCloud Drive

ACCESS CONTROL

2.7.4 iCloud Drive Document sync

CONFIGURATION MANAGEMENT

2.7.5 iCloud Drive Desktop sync

CONFIGURATION MANAGEMENT

2.8.1 Time Machine Auto-Backup

CONTINGENCY PLANNING

2.11 Java 6 is not the default Java runtime

CONFIGURATION MANAGEMENT

2.12 Securely delete files as needed

CONFIGURATION MANAGEMENT

3.2 Configure Security Auditing Flags - 'audit all failed events across all audit classes'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed administrative events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed file deletion events'

AUDIT AND ACCOUNTABILITY

3.2 Configure Security Auditing Flags - 'audit successful/failed login/logout events'

AUDIT AND ACCOUNTABILITY

4.1 Disable Bonjour advertising service

CONFIGURATION MANAGEMENT

4.3 Create network specific locations

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Check Library folder for world writable files

ACCESS CONTROL

5.2.3 Complex passwords must contain an Alphabetic Character

IDENTIFICATION AND AUTHENTICATION

5.2.4 Complex passwords must contain a Numeric Character

IDENTIFICATION AND AUTHENTICATION

5.2.5 Complex passwords must contain a Special Character

IDENTIFICATION AND AUTHENTICATION

5.2.6 Complex passwords must uppercase and lowercase letters

IDENTIFICATION AND AUTHENTICATION

5.5 Automatically lock the login keychain for inactivity

ACCESS CONTROL

5.6 Ensure login keychain is locked when the computer sleeps

IDENTIFICATION AND AUTHENTICATION

5.7 Enable OCSP and CRL certificate checking - CRLStyle

IDENTIFICATION AND AUTHENTICATION

5.7 Enable OCSP and CRL certificate checking - OCSPStyle

IDENTIFICATION AND AUTHENTICATION

5.11 Ensure system is set to hibernate

CONFIGURATION MANAGEMENT

5.15 Create a Login window banner

ACCESS CONTROL

5.17 Disable Fast User Switching

ACCESS CONTROL

5.18 Secure individual keychains and items

IDENTIFICATION AND AUTHENTICATION

5.19 Create specialized keychains for different purposes

IDENTIFICATION AND AUTHENTICATION

6.4 Safari disable Internet Plugins for global use

CONFIGURATION MANAGEMENT

6.5 Use parental controls for systems that are not centrally managed

CONFIGURATION MANAGEMENT

7.1 Wireless technology on macOS

ACCESS CONTROL

7.2 iSight Camera Privacy and Confidentiality Concerns

CONFIGURATION MANAGEMENT

7.3 Computer Name Considerations

CONFIGURATION MANAGEMENT

7.4 Software Inventory Considerations

CONFIGURATION MANAGEMENT

7.5 Firewall Consideration

CONFIGURATION MANAGEMENT

7.7 App Store Automatically download apps purchased on other Macs Considerations

CONFIGURATION MANAGEMENT

7.8 Extensible Firmware Interface (EFI) password

CONFIGURATION MANAGEMENT

7.9 FileVault and Local Account Password Reset using AppleID

ACCESS CONTROL

7.11 App Store Password Settings

ACCESS CONTROL, CONFIGURATION MANAGEMENT

7.15 System information backup to remote computers

CONTINGENCY PLANNING

CIS_Apple_macOS_10.12_v1.2.0_Level_2.audit from CIS Apple macOS 10.12 Benchmark v1.2.0