Detections
Analytics

CIS Apple OSX 10.11 El Capitan L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.11 El Capitan L2 v1.0.0

Updated: 1/9/2017

Authority: CIS

Plugin: Unix

Revision: 1.8

Estimated Item Count: 41

File Details

Filename: CIS_OSX_10.11_v1.0.0_L2.audit

Size: 49 kB

MD5: e26dc2b1248b83a35d334767137085ed
SHA256: 10af78a952d4275916f5544ad84f9dc5eaebc509c85463a426febd1e3ff71d9d

Audit Items

DescriptionCategories
2.2.1 Enable 'Set time and date automatically'

AUDIT AND ACCOUNTABILITY

2.3.2 Secure screen saver corners - bottom left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - bottom right corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top right corner

ACCESS CONTROL

2.5.1 Disable 'Wake for network access'

CONFIGURATION MANAGEMENT

2.5.2 Disable sleeping the computer when connected to power

ACCESS CONTROL

2.7.1 iCloud configuration
2.7.2 iCloud keychain
2.7.3 iCloud Drive
2.10 Java 6 is not the default Java runtime

CONFIGURATION MANAGEMENT

2.11 Securely delete files as needed

CONFIGURATION MANAGEMENT

3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events'

AUDIT AND ACCOUNTABILITY

3.4 Enable remote logging for Desktops on trusted networks
4.1 Disable Bonjour advertising service

SYSTEM AND COMMUNICATIONS PROTECTION

4.3 Create network specific locations
5.1.4 Check Library folder for world writable files

ACCESS CONTROL

5.4 Automatically lock the login keychain for inactivity

IDENTIFICATION AND AUTHENTICATION

5.5 Ensure login keychain is locked when the computer sleeps

IDENTIFICATION AND AUTHENTICATION

5.6 Enable OCSP and CRL certificate checking - CRLStyle

IDENTIFICATION AND AUTHENTICATION

5.6 Enable OCSP and CRL certificate checking - OCSPStyle

IDENTIFICATION AND AUTHENTICATION

5.13 Create a Login window banner

ACCESS CONTROL

5.15 Disable Fast User Switching

ACCESS CONTROL

5.16 Secure individual keychain and items
5.17 Create specialized keychains for different purposes
5.19 Install an approved tokend for smartcard authentication
6.4 Use parental controls for systems that are not centrally managed
7.1 Wireless technology on OS X
7.2 iSight Camera Privacy and Confidentiality Concerns
7.3 Computer Name Considerations
7.4 Software Inventory Considerations
7.5 Firewall Consideration
7.7 App Store Automatically download apps purchased on other Macs Considerations
7.8 Extensible Firmware Interface (EFI) password
7.9 Apple ID password reset
7.11 App Store Password Settings
Mac OSX 10.11 El Capitan is not installed