CIS Apple macOS 13.0 Ventura v1.0.0 L1

Audit Details

Name: CIS Apple macOS 13.0 Ventura v1.0.0 L1

Updated: 5/24/2023

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 89

File Details

Filename: CIS_Apple_macOS_13.0_Ventura_v1.0.0_L1.audit

Size: 360 kB

MD5: 71573a00c2de5b39e9bc7dc850e465e0
SHA256: f4db37780cdb433be0bd0fb6c817b612bdd148fb52a37f017f43396ed1657984

Audit Items

DescriptionCategories
1.1 Ensure All Apple-provided Software Is Current

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2 Ensure Auto Update Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3 Ensure Download New Updates When Available Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4 Ensure Install of macOS Updates Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.5 Ensure Install Application Updates from the App Store Is Enabled

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.6 Ensure Install Security Responses and System Files Is Enabled - ConfigDataInstall

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.6 Ensure Install Security Responses and System Files Is Enabled - CriticalUpdateInstall

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.7 Ensure Software Update Deferment Is Less Than or Equal to 30 Days

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.2.1 Ensure Firewall Is Enabled

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.2.2 Ensure Firewall Stealth Mode Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1.1 Ensure AirDrop Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.1.2 Ensure AirPlay Receiver Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.2.1 Ensure Set Time and Date Automatically Is Enabled

AUDIT AND ACCOUNTABILITY

2.3.2.2 Ensure Time Is Set Within Appropriate Limits

AUDIT AND ACCOUNTABILITY

2.3.3.1 Ensure DVD or CD Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.2 Ensure Screen Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.3 Ensure File Sharing Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.4 Ensure Printer Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.5 Ensure Remote Login Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.6 Ensure Remote Management Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.7 Ensure Remote Apple Events Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.8 Ensure Internet Sharing Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.3.11 Ensure Bluetooth Sharing Is Disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

2.3.4.2 Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled

CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled

CONFIGURATION MANAGEMENT

2.5.1 Audit Siri Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.6.3 Ensure Limit Ad Tracking Is Enabled

CONFIGURATION MANAGEMENT

2.6.4 Ensure Gatekeeper Is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.6.5 Ensure FileVault Is Enabled - dontAllowFDEDisable

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.5 Ensure FileVault Is Enabled - fdesetup

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.7 Ensure an Administrator Password Is Required to Access System-Wide Preferences

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.8.1 Audit Universal Control Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.9.1 Ensure Power Nap Is Disabled for Intel Macs

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.9.2 Ensure Wake for Network Access Is Disabled

CONFIGURATION MANAGEMENT

2.10.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled

ACCESS CONTROL

2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPassword

IDENTIFICATION AND AUTHENTICATION

2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPasswordDelay

IDENTIFICATION AND AUTHENTICATION

2.10.3 Ensure a Custom Message for the Login Screen Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.10.4 Ensure Login Window Displays as Name and Password Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.10.5 Ensure Show Password Hints Is Disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.11.1 Ensure Users' Accounts Do Not Have a Password Hint

IDENTIFICATION AND AUTHENTICATION

2.11.2 Audit Touch ID and Wallet & Apple Pay Settings

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION

2.12.1 Ensure Guest Account Is Disabled

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

2.12.2 Ensure Guest Access to Shared Folders Is Disabled

ACCESS CONTROL, MEDIA PROTECTION

2.12.3 Ensure Automatic Login Is Disabled

IDENTIFICATION AND AUTHENTICATION

2.13.1 Audit Passwords System Preference Setting

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

2.14.1 Audit Notification & Focus Settings

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1 Ensure Security Auditing Is Enabled

AUDIT AND ACCOUNTABILITY

3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_max

AUDIT AND ACCOUNTABILITY