Name: CIS Apple macOS 12.0 Monterey v3.1.0 L1
Updated: 7/29/2024
Authority: CIS
Plugin: Unix
Revision: 1.0
Estimated Item Count: 85
Filename: CIS_Apple_macOS_12.0_Monterey_v3.1.0_L1.audit
Size: 248 kB
Description | Categories |
---|---|
1.1 Ensure All Apple-provided Software Is Current | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.2 Ensure Auto Update Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.3 Ensure Download New Updates When Available Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.4 Ensure Installation of App Update Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.6 Ensure Install of macOS Updates Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.7 Ensure Software Update Deferment Is Less Than or Equal to 30 Days | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.9 Ensure the System is Managed by a Mobile Device Management (MDM) Software | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.1.1 Ensure Show Bluetooth Status in Menu Bar Is Enabled | CONFIGURATION MANAGEMENT |
2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
2.2.1 Ensure "Set time and date automatically" Is Enabled | AUDIT AND ACCOUNTABILITY |
2.2.2 Ensure the Time Service Is Enabled | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | ACCESS CONTROL |
2.4.1 Ensure Remote Apple Events Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.2 Ensure Internet Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.3 Ensure Screen Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.4 Ensure Printer Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.5 Ensure Remote Login Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.6 Ensure DVD or CD Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.7 Ensure Bluetooth Sharing Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
2.4.8 Ensure File Sharing Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.9 Ensure Remote Management Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.4.13 Ensure AirPlay Receiver Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.1.1 Ensure FileVault Is Enabled | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.5.1.2 Ensure all user storage APFS volumes are encrypted | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted | IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.5.2.1 Ensure Firewall Is Enabled | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.5.2.2 Ensure Firewall Stealth Mode Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.5.6 Ensure Limit Ad Tracking Is Enabled | CONFIGURATION MANAGEMENT |
2.5.7 Ensure Gatekeeper Is Enabled | SYSTEM AND INFORMATION INTEGRITY |
2.5.8 Ensure a Custom Message for the Login Screen Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.9 Ensure an Administrator Password Is Required to Access System-Wide Preferences | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.5.10 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled | IDENTIFICATION AND AUTHENTICATION |
2.7.2 Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled | CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.8.2 Ensure Wake for Network Access Is Disabled | CONFIGURATION MANAGEMENT |
2.8.3 Ensure Power Nap Is Disabled for Intel Macs | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.9 Ensure Legacy EFI Is Valid and Updating | SYSTEM AND SERVICES ACQUISITION |
2.10 Audit Siri Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.11 Audit Universal Control Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.12 Audit Touch ID | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
2.13 Audit Notification & Focus Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.14 Audit Passwords System Preference Setting | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
2.15 Audit Dictation | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.16 Audit Internet Accounts for Authorized Use | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1 Ensure Security Auditing Is Enabled | AUDIT AND ACCOUNTABILITY |
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size | AUDIT AND ACCOUNTABILITY |
3.4 Ensure Security Auditing Retention Is Enabled | AUDIT AND ACCOUNTABILITY |
3.5 Ensure Access to Audit Records Is Controlled | ACCESS CONTROL, MEDIA PROTECTION |
3.6 Ensure Firewall Logging Is Enabled and Configured | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |