Detections
Analytics

CIS Apple macOS 10.15 v2.0.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple macOS 10.15 v2.0.0 L1

Updated: 9/30/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.1

Estimated Item Count: 79

Audit Items

DescriptionCategories
1.1 Verify all Apple-provided software is current
1.2 Ensure Auto Update Is Enabled
1.3 Ensure Download New Updates When Available is Enabled
1.4 Ensure Installation of App Update Is Enabled
1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled - 'ConfigDataInstall'
1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled - 'CriticalUpdateInstall'
1.6 Ensure Install of macOS Updates Is Enabled
2.1.1 Turn off Bluetooth, if no paired devices exist
2.1.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled
2.2.1 Ensure 'Set time and date automatically' Is Enabled - Set time and date automatically
2.2.2 Ensure time set is within appropriate limits
2.3.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled
2.3.3 Audit Lock Screen and Start Screen Saver Tools
2.4.1 Ensure Remote Apple Events Is Disabled
2.4.2 Ensure Internet Sharing Is Disabled
2.4.3 Ensure Screen Sharing Is Disabled
2.4.4 Ensure Printer Sharing Is Disabled
2.4.5 Ensure Remote Login Is Disabled
2.4.6 Ensure DVD or CD Sharing Is Disabled
2.4.7 Ensure Bluetooth Sharing Is Disabled
2.4.8 Ensure File Sharing Is Disabled - AppleFileServer
2.4.8 Ensure File Sharing Is Disabled - SMB
2.4.9 Ensure Remote Management Is Disabled
2.4.11 Ensure AirDrop Is Disabled
2.5.1.1 Ensure FileVault Is Enabled
2.5.1.2 Ensure all user storage APFS volumes are encrypted
2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted
2.5.2.1 Ensure Gatekeeper is Enabled
2.5.2.2 Ensure Firewall Is Enabled
2.5.2.3 Ensure Firewall Stealth Mode Is Enabled
2.5.6 Ensure Limit Ad Tracking Is Enabled
2.7.2 Ensure Time Machine Volumes Are Encrypted
2.8 Ensure Wake for Network Access Is Disabled
2.9 Ensure Power Nap Is Disabled
2.10 Ensure Secure Keyboard Entry terminal.app is Enabled
2.11 Ensure EFI Version Is Valid and Checked Regularly - daemon
2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-check
2.12 Audit Automatic Actions for Optical Media
2.13 Audit Siri Settings
2.14 Audit Sidecar Settings
2.15 Audit Touch ID and Wallet & Apple Pay Settings
3.1 Ensure Security Auditing Is Enabled
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_max
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - ttl
3.4 Ensure Security Auditing Retention Is Enabled
3.5 Ensure Access to Audit Records Is Controlled - /etc/security/audit_control
3.5 Ensure Access to Audit Records Is Controlled - /var/audit
3.6 Ensure Firewall Logging Is Enabled and Configured
4.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled - Show Wi-Fi status in menu bar
4.4 Ensure HTTP Server Is Disabled