CIS Apple OSX 10.11 El Capitan L2 v1.1.0

Audit Details

Name: CIS Apple OSX 10.11 El Capitan L2 v1.1.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 45

File Details

Filename: CIS_OSX_10.11_v1.1.0_L2.audit

Size: 56.6 kB

MD5: c121df2dd14293bd6c39a330b86c553e
SHA256: e4949283f74b26fddd5c69d276ddbda75a0ef3f1a23eeb3e2bf0d1d2821fefb1

Audit Items

DescriptionCategories
2.2.1 Enable 'Set time and date automatically'

AUDIT AND ACCOUNTABILITY

2.3.2 Secure screen saver corners - bottom left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - bottom right corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top left corner

ACCESS CONTROL

2.3.2 Secure screen saver corners - top right corner

ACCESS CONTROL

2.5.1 Disable 'Wake for network access'

ACCESS CONTROL

2.5.2 Disable sleeping the computer when connected to power

ACCESS CONTROL

2.6.6 Enable Location Services

CONFIGURATION MANAGEMENT

2.6.7 Monitor Location Services Access

CONFIGURATION MANAGEMENT

2.7.1 iCloud configuration
2.7.2 iCloud keychain
2.7.3 iCloud Drive
2.8.1 Time Machine Auto-Backup

CONTINGENCY PLANNING

2.11 Java 6 is not the default Java runtime

CONFIGURATION MANAGEMENT

2.12 Securely delete files as needed
3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events'

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events'

AUDIT AND ACCOUNTABILITY

3.4 Enable remote logging for Desktops on trusted networks

AUDIT AND ACCOUNTABILITY

4.1 Disable Bonjour advertising service

CONFIGURATION MANAGEMENT

4.3 Create network specific locations
5.1.4 Check Library folder for world writable files

ACCESS CONTROL

5.4 Automatically lock the login keychain for inactivity

IDENTIFICATION AND AUTHENTICATION

5.5 Ensure login keychain is locked when the computer sleeps

IDENTIFICATION AND AUTHENTICATION

5.6 Enable OCSP and CRL certificate checking - CRLStyle

IDENTIFICATION AND AUTHENTICATION

5.6 Enable OCSP and CRL certificate checking - OCSPStyle

IDENTIFICATION AND AUTHENTICATION

5.13 Create a Login window banner

ACCESS CONTROL

5.15 Disable Fast User Switching

ACCESS CONTROL

5.16 Secure individual keychain and items
5.17 Create specialized keychains for different purposes
5.19 Install an approved tokend for smartcard authentication

IDENTIFICATION AND AUTHENTICATION

6.4 Safari disable Internet Plugins for global use

CONFIGURATION MANAGEMENT

6.5 Use parental controls for systems that are not centrally managed
7.1 Wireless technology on OS X
7.2 iSight Camera Privacy and Confidentiality Concerns
7.3 Computer Name Considerations
7.4 Software Inventory Considerations
7.5 Firewall Consideration
7.7 App Store Automatically download apps purchased on other Macs Considerations
7.8 Extensible Firmware Interface (EFI) password
7.9 Apple ID password reset
7.11 App Store Password Settings
Apple OSX 10.11 El Capitan Level 2, version 1.1.0

CONFIGURATION MANAGEMENT