CIS Apple macOS 10.14 v2.0.0 L2

Audit Details

Name: CIS Apple macOS 10.14 v2.0.0 L2

Updated: 4/12/2023

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 43

File Details

Filename: CIS_Apple_macOS_10.14_v2.0.0_L2.audit

Size: 163 kB

MD5: 4d1d20cfda2910ca7ac3f43c581baf51
SHA256: ad9f1d1ce3b2afd2a7f3afed2b547c9285f6af3a1bc7eba02c61f5569a15878a

Audit Items

DescriptionCategories
1.7 Audit Computer Name

CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT

2.3.2 Ensure Screen Saver Corners Are Secure - bottom left corner

ACCESS CONTROL

2.3.2 Ensure Screen Saver Corners Are Secure - bottom right corner

ACCESS CONTROL

2.3.2 Ensure Screen Saver Corners Are Secure - top left corner

ACCESS CONTROL

2.3.2 Ensure Screen Saver Corners Are Secure - top right corner

ACCESS CONTROL

2.4.10 Ensure Content Caching Is Disabled

CONFIGURATION MANAGEMENT

2.5.3 Ensure Location Services Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.4 Audit Location Services Access

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.7 Audit Camera Privacy and Confidentiality

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.1 Audit iCloud Configuration

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.2 Audit iCloud Keychain

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.3 Audit iCloud Drive

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Desktop

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Document

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.2 Audit App Store Password Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.7.1 Ensure Backup Up Automatically is Enabled

CONTINGENCY PLANNING

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit all authorization and authentication events'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit all failed write actions where enforcement stopped a file write'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit failed program execution'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit successful/failed administrative events'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit successful/failed file attribute modification events'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements - 'audit successful/failed login/logout events'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.7 Audit Software Inventory

CONFIGURATION MANAGEMENT, MAINTENANCE

4.1 Ensure Bonjour Advertising Services Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.3 Audit Network Specific Locations

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.6 Audit Wi-Fi Settings

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.7 Ensure No World Writable Files Exist in the Library Folder

ACCESS CONTROL, MEDIA PROTECTION

5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured

IDENTIFICATION AND AUTHENTICATION

5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured

IDENTIFICATION AND AUTHENTICATION

5.2.5 Ensure Complex Password Must Contain Special Character Is Configured

IDENTIFICATION AND AUTHENTICATION

5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured

IDENTIFICATION AND AUTHENTICATION

5.5 Ensure login keychain is locked when the computer sleeps

ACCESS CONTROL

5.9 Ensure system is set to hibernate - DestroyFVKeyOnStandby

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure system is set to hibernate - hibernatemode

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure system is set to hibernate - highstandbythreshold

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure system is set to hibernate - standbydelayhigh

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.9 Ensure system is set to hibernate - standbydelaylow

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.13 Create a Login window banner

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.15 Ensure Fast User Switching Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

7.1 Extensible Firmware Interface (EFI) password

CONFIGURATION MANAGEMENT

7.2 FileVault and Local Account Password Reset using AppleID

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_Apple_macOS_10.14_v2.0.0_L2.audit from CIS Apple macOS 10.14 Benchmark v2.0.0