Detections
Analytics

CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1

Updated: 2/18/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 49

File Details

Filename: CIS_Apple_macOS_14.0_Sonoma_Cloud-tailored_v1.0.0_L1.audit

Size: 87.3 kB

MD5: c15ea917909278b4ca59f5bd9a0928f7
SHA256: deb83b4addc43780b36f56b35f67820bb8e8428ba3fde3b3598f7af7222f3c5d

Audit Items

DescriptionCategories
1.1 Ensure All Apple-provided Software Is Current
1.2 Ensure Auto Update Is Enabled
1.3 Ensure Download New Updates When Available Is Enabled
1.4 Ensure Install of macOS Updates Is Enabled
1.5 Ensure Install Application Updates from the App Store Is Enabled
1.6 Ensure Install Security Responses and System Files Is Enabled
2.1.1 Ensure Firewall Is Enabled
2.1.2 Ensure Firewall Stealth Mode Is Enabled
2.2.1.1 Ensure Set Time and Date Automatically Is Enabled
2.2.1.2 Ensure Time Is Set Within Appropriate Limits
2.2.2.1 Ensure Screen Sharing Is Disabled
2.2.2.2 Ensure Remote Apple Events Is Disabled
2.3.2 Ensure Limit Ad Tracking Is Enabled
2.3.3 Ensure Gatekeeper Is Enabled
2.4.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled
2.4.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately
2.4.3 Ensure a Custom Message for the Login Screen Is Enabled
2.4.4 Ensure Login Window Displays as Name and Password Is Enabled
2.4.5 Ensure Show Password Hints Is Disabled
2.5.1 Ensure Users' Accounts Do Not Have a Password Hint
2.6.1 Ensure Guest Account Is Disabled
2.6.2 Ensure Guest Access to Shared Folders Is Disabled
2.6.3 Ensure Automatic Login Is Disabled
3.1 Ensure Security Auditing Is Enabled
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size
3.4 Ensure Security Auditing Retention Is Enabled
3.5 Ensure Access to Audit Records Is Controlled
3.6 Ensure Firewall Logging Is Enabled and Configured
4.2 Ensure HTTP Server Is Disabled
4.3 Ensure NFS Server Is Disabled
5.1.1 Ensure Home Folders Are Secure
5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled
5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled
5.1.4 Ensure Signed System Volume (SSV) Is Enabled
5.1.5 Ensure Appropriate Permissions Are Enabled for System Wide Applications
5.1.6 Ensure No World Writable Folders Exist in the System Folder
5.2.1 Ensure Password Account Lockout Threshold Is Configured
5.2.2 Ensure Password Minimum Length Is Configured
5.2.7 Ensure Password Age Is Configured
5.2.8 Ensure Password History Is Configured
5.3 Ensure the Sudo Timeout Period Is Set to Zero
5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo
5.5 Ensure the "root" Account Is Disabled
5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session
5.8 Ensure the Guest Home Folder Does Not Exist
5.9 Ensure XProtect Is Running and Updated
5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled
5.11 Ensure Show All Filename Extensions Setting is Enabled
CIS_Apple_macOS_14.0_Sonoma_Cloud-tailored_v1.0.0_L1.audit from CIS Apple macOS 14.0 Sonoma Cloud-tailored Benchmark v1.0.0