Theme

CIS Apple macOS 13.0 Ventura v1.0.0 L1

Audit Details

Name: CIS Apple macOS 13.0 Ventura v1.0.0 L1

Updated: 5/24/2023

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 89

File Details

Filename: CIS_Apple_macOS_13.0_Ventura_v1.0.0_L1.audit

Size: 360 kB

MD5: 71573a00c2de5b39e9bc7dc850e465e0

SHA256: f4db37780cdb433be0bd0fb6c817b612bdd148fb52a37f017f43396ed1657984

Audit Items

Description	Categories
1.1 Ensure All Apple-provided Software Is Current	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2 Ensure Auto Update Is Enabled	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.3 Ensure Download New Updates When Available Is Enabled	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.4 Ensure Install of macOS Updates Is Enabled	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.5 Ensure Install Application Updates from the App Store Is Enabled	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.6 Ensure Install Security Responses and System Files Is Enabled - ConfigDataInstall	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.6 Ensure Install Security Responses and System Files Is Enabled - CriticalUpdateInstall	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.7 Ensure Software Update Deferment Is Less Than or Equal to 30 Days	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
2.2.1 Ensure Firewall Is Enabled	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY
2.2.2 Ensure Firewall Stealth Mode Is Enabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.1.1 Ensure AirDrop Is Disabled	ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.1.2 Ensure AirPlay Receiver Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.2.1 Ensure Set Time and Date Automatically Is Enabled	AUDIT AND ACCOUNTABILITY
2.3.2.2 Ensure Time Is Set Within Appropriate Limits	AUDIT AND ACCOUNTABILITY
2.3.3.1 Ensure DVD or CD Sharing Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.2 Ensure Screen Sharing Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.3 Ensure File Sharing Is Disabled	ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.4 Ensure Printer Sharing Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.5 Ensure Remote Login Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.6 Ensure Remote Management Is Disabled	ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.7 Ensure Remote Apple Events Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.8 Ensure Internet Sharing Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.3.11 Ensure Bluetooth Sharing Is Disabled	ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION
2.3.4.2 Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled	CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled	ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
2.4.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled	CONFIGURATION MANAGEMENT
2.5.1 Audit Siri Settings	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.6.3 Ensure Limit Ad Tracking Is Enabled	CONFIGURATION MANAGEMENT
2.6.4 Ensure Gatekeeper Is Enabled	SYSTEM AND INFORMATION INTEGRITY
2.6.5 Ensure FileVault Is Enabled - dontAllowFDEDisable	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.6.5 Ensure FileVault Is Enabled - fdesetup	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.6.7 Ensure an Administrator Password Is Required to Access System-Wide Preferences	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.8.1 Audit Universal Control Settings	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.9.1 Ensure Power Nap Is Disabled for Intel Macs	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.9.2 Ensure Wake for Network Access Is Disabled	CONFIGURATION MANAGEMENT
2.10.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled	ACCESS CONTROL
2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPassword	IDENTIFICATION AND AUTHENTICATION
2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPasswordDelay	IDENTIFICATION AND AUTHENTICATION
2.10.3 Ensure a Custom Message for the Login Screen Is Enabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.10.4 Ensure Login Window Displays as Name and Password Is Enabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.10.5 Ensure Show Password Hints Is Disabled	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.11.1 Ensure Users' Accounts Do Not Have a Password Hint	IDENTIFICATION AND AUTHENTICATION
2.11.2 Audit Touch ID and Wallet & Apple Pay Settings	CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION
2.12.1 Ensure Guest Account Is Disabled	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
2.12.2 Ensure Guest Access to Shared Folders Is Disabled	ACCESS CONTROL, MEDIA PROTECTION
2.12.3 Ensure Automatic Login Is Disabled	IDENTIFICATION AND AUTHENTICATION
2.13.1 Audit Passwords System Preference Setting	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.14.1 Audit Notification & Focus Settings	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
3.1 Ensure Security Auditing Is Enabled	AUDIT AND ACCOUNTABILITY
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_max	AUDIT AND ACCOUNTABILITY