CIS Apple macOS 10.13 L1 v1.1.0

Audit Details

Name: CIS Apple macOS 10.13 L1 v1.1.0

Updated: 4/12/2023

Authority: CIS

Plugin: Unix

Revision: 1.6

Estimated Item Count: 78

File Details

Filename: CIS_Apple_macOS_10.13_v1.1.0_Level_1.audit

Size: 167 kB

MD5: 0cda1917f8278850d1b8ea29226f2cf8
SHA256: 33917397f964d99f808dce0dfa256e5adeecec044f30a4071e2d033a4db42331

Audit Items

DescriptionCategories
1.1 Verify all Apple-provided software is current

SYSTEM AND INFORMATION INTEGRITY

1.2 Enable Auto Update

SYSTEM AND INFORMATION INTEGRITY

1.3 Enable app update installs

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security updates install - 'ConfigDataInstall'

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security updates install - 'CriticalUpdateInstall'

SYSTEM AND INFORMATION INTEGRITY

1.5 Enable macOS update installs

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Turn off Bluetooth, if no paired devices exist

CONFIGURATION MANAGEMENT

2.1.2 Show Bluetooth status in menu bar

CONFIGURATION MANAGEMENT

2.2.1 Enable 'Set time and date automatically' - Set time and date automatically

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure time set is within appropriate limits

CONFIGURATION MANAGEMENT

2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver

ACCESS CONTROL

2.3.3 Familiarize users with screen lock tools or corner to Start Screen Saver

ACCESS CONTROL

2.4.1 Disable Remote Apple Events

CONFIGURATION MANAGEMENT

2.4.2 Disable Internet Sharing

CONFIGURATION MANAGEMENT

2.4.3 Disable Screen Sharing

CONFIGURATION MANAGEMENT

2.4.4 Disable Printer Sharing

CONFIGURATION MANAGEMENT

2.4.5 Disable Remote Login

ACCESS CONTROL

2.4.6 Disable DVD or CD Sharing

CONFIGURATION MANAGEMENT

2.4.7 Disable Bluetooth Sharing

CONFIGURATION MANAGEMENT

2.4.8 Disable File Sharing - AppleFileServer

CONFIGURATION MANAGEMENT

2.4.8 Disable File Sharing - SMB

CONFIGURATION MANAGEMENT

2.4.9 Disable Remote Management

CONFIGURATION MANAGEMENT

2.5.1.1 Enable FileVault

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1.2 Ensure all user storage APFS volumes are encrypted

CONFIGURATION MANAGEMENT

2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted

CONFIGURATION MANAGEMENT

2.5.2 Enable Gatekeeper

CONFIGURATION MANAGEMENT

2.5.3 Enable Firewall

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.4 Enable Firewall Stealth Mode

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.5 Review Application Firewall Rules

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.9 Review Advertising settings

CONFIGURATION MANAGEMENT

2.7.2 Time Machine Volumes Are Encrypted

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Disable 'Wake for network access' and 'Power Nap' - nap

ACCESS CONTROL

2.8 Disable 'Wake for network access' and 'Power Nap' - wake

ACCESS CONTROL

2.9 Pair the remote control infrared receiver if enabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.10 Enable Secure Keyboard Entry in terminal.app

CONFIGURATION MANAGEMENT

2.13 Ensure EFI version is valid and being regularly checked - daemon

SYSTEM AND INFORMATION INTEGRITY

2.13 Ensure EFI version is valid and being regularly checked - itegrity-check

SYSTEM AND INFORMATION INTEGRITY

3.1 Enable security auditing

AUDIT AND ACCOUNTABILITY

3.3 Retain install.log for 365 or more days

AUDIT AND ACCOUNTABILITY

3.4 Ensure security auditing retention

AUDIT AND ACCOUNTABILITY

3.5 Control access to audit records - /etc/security/audit_control
3.5 Control access to audit records - /var/audit

AUDIT AND ACCOUNTABILITY

3.6 Ensure Firewall is configured to log

AUDIT AND ACCOUNTABILITY

4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar

CONFIGURATION MANAGEMENT

4.4 Ensure http server is not running

CONFIGURATION MANAGEMENT

4.5 Ensure nfs server is not running

CONFIGURATION MANAGEMENT

5.1.1 Secure Home Folders

CONFIGURATION MANAGEMENT

5.1.2 Check System Wide Applications for appropriate permissions

ACCESS CONTROL

5.1.3 Check System folder for world writable files

ACCESS CONTROL

5.2.1 Configure account lockout threshold

ACCESS CONTROL