CIS Apple macOS 12.0 Monterey v3.0.0 L1

Audit Details

Name: CIS Apple macOS 12.0 Monterey v3.0.0 L1

Updated: 4/3/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 87

File Details

Filename: CIS_Apple_macOS_12.0_Monterey_v3.0.0_L1.audit

Size: 282 kB

MD5: 975419551277d446708bc4c98896ee5d
SHA256: 80556e1bd0bfadf39bcf0ba13edf278c488162ef2feedb420a4eeffb3514f239

Audit Items

Description / Categories
1.1 Ensure All Apple-provided Software Is Current

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2 Ensure Auto Update Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3 Ensure Download New Updates When Available Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4 Ensure Installation of App Update Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.6 Ensure Install of macOS Updates Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.7 Ensure Software Update Deferment Is Less Than or Equal to 30 Days

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.9 Ensure the System is Managed by a Mobile Device Management (MDM) Software

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.1.1 Ensure Show Bluetooth Status in Menu Bar Is Enabled

CONFIGURATION MANAGEMENT

2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.1 Ensure 'Set time and date automatically' Is Enabled

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure Time Is Set Within Appropriate Limits

AUDIT AND ACCOUNTABILITY

2.3.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled

ACCESS CONTROL

2.4.1 Ensure Remote Apple Events Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.2 Ensure Internet Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.3 Ensure Screen Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.4 Ensure Printer Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.5 Ensure Remote Login Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.6 Ensure DVD or CD Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.7 Ensure Bluetooth Sharing Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

2.4.8 Ensure File Sharing Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.9 Ensure Remote Management Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.13 Ensure AirPlay Receiver Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.1.1 Ensure FileVault Is Enabled

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1.2 Ensure all user storage APFS volumes are encrypted

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted

IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.2.1 Ensure Firewall Is Enabled

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.5.2.2 Ensure Firewall Stealth Mode Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.6 Ensure Limit Ad Tracking Is Enabled

CONFIGURATION MANAGEMENT

2.5.7 Ensure Gatekeeper Is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.5.8 Ensure a Custom Message for the Login Screen Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.9 Ensure an Administrator Password Is Required to Access System-Wide Preferences

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.5.10 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled

IDENTIFICATION AND AUTHENTICATION

2.7.2 Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled

CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.8.2 Ensure Wake for Network Access Is Disabled

CONFIGURATION MANAGEMENT

2.8.3 Ensure Power Nap Is Disabled for Intel Macs

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly

SYSTEM AND SERVICES ACQUISITION

2.9 Ensure Legacy EFI Is Valid and Updating - valid

SYSTEM AND SERVICES ACQUISITION

2.10 Audit Siri Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.11 Audit Universal Control Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.12 Audit Touch ID

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION

2.13 Audit Notification & Focus Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.14 Audit Passwords System Preference Setting

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

2.15 Audit Dictation

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.16 Audit Internet Accounts for Authorized Use

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1 Ensure Security Auditing Is Enabled

AUDIT AND ACCOUNTABILITY

3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size

AUDIT AND ACCOUNTABILITY

3.4 Ensure Security Auditing Retention Is Enabled

AUDIT AND ACCOUNTABILITY

3.5 Ensure Access to Audit Records Is Controlled

ACCESS CONTROL, MEDIA PROTECTION