Name: CIS Apple macOS 13.0 Ventura v1.0.0 L1
Updated: 5/24/2023
Authority: CIS
Plugin: Unix
Revision: 1.5
Estimated Item Count: 89
Filename: CIS_Apple_macOS_13.0_Ventura_v1.0.0_L1.audit
Size: 360 kB
Description | Categories |
---|---|
1.1 Ensure All Apple-provided Software Is Current | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.2 Ensure Auto Update Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.3 Ensure Download New Updates When Available Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.4 Ensure Install of macOS Updates Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.5 Ensure Install Application Updates from the App Store Is Enabled | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.6 Ensure Install Security Responses and System Files Is Enabled - ConfigDataInstall | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.6 Ensure Install Security Responses and System Files Is Enabled - CriticalUpdateInstall | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
1.7 Ensure Software Update Deferment Is Less Than or Equal to 30 Days | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
2.2.1 Ensure Firewall Is Enabled | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.2.2 Ensure Firewall Stealth Mode Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.1.1 Ensure AirDrop Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.1.2 Ensure AirPlay Receiver Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.2.1 Ensure Set Time and Date Automatically Is Enabled | AUDIT AND ACCOUNTABILITY |
2.3.2.2 Ensure Time Is Set Within Appropriate Limits | AUDIT AND ACCOUNTABILITY |
2.3.3.1 Ensure DVD or CD Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.2 Ensure Screen Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.3 Ensure File Sharing Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.4 Ensure Printer Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.5 Ensure Remote Login Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.6 Ensure Remote Management Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.7 Ensure Remote Apple Events Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.8 Ensure Internet Sharing Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.3.3.11 Ensure Bluetooth Sharing Is Disabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
2.3.4.2 Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled | CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
2.4.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled | CONFIGURATION MANAGEMENT |
2.5.1 Audit Siri Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.6.3 Ensure Limit Ad Tracking Is Enabled | CONFIGURATION MANAGEMENT |
2.6.4 Ensure Gatekeeper Is Enabled | SYSTEM AND INFORMATION INTEGRITY |
2.6.5 Ensure FileVault Is Enabled - dontAllowFDEDisable | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.5 Ensure FileVault Is Enabled - fdesetup | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.6.7 Ensure an Administrator Password Is Required to Access System-Wide Preferences | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.8.1 Audit Universal Control Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.9.1 Ensure Power Nap Is Disabled for Intel Macs | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.9.2 Ensure Wake for Network Access Is Disabled | CONFIGURATION MANAGEMENT |
2.10.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | ACCESS CONTROL |
2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPassword | IDENTIFICATION AND AUTHENTICATION |
2.10.2 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled - askForPasswordDelay | IDENTIFICATION AND AUTHENTICATION |
2.10.3 Ensure a Custom Message for the Login Screen Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.10.4 Ensure Login Window Displays as Name and Password Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.10.5 Ensure Show Password Hints Is Disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
2.11.1 Ensure Users' Accounts Do Not Have a Password Hint | IDENTIFICATION AND AUTHENTICATION |
2.11.2 Audit Touch ID and Wallet & Apple Pay Settings | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
2.12.1 Ensure Guest Account Is Disabled | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
2.12.2 Ensure Guest Access to Shared Folders Is Disabled | ACCESS CONTROL, MEDIA PROTECTION |
2.12.3 Ensure Automatic Login Is Disabled | IDENTIFICATION AND AUTHENTICATION |
2.13.1 Audit Passwords System Preference Setting | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
2.14.1 Audit Notification & Focus Settings | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1 Ensure Security Auditing Is Enabled | AUDIT AND ACCOUNTABILITY |
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_max | AUDIT AND ACCOUNTABILITY |