CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0

Updated: 4/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.28

Estimated Item Count: 75

Audit Items

DescriptionCategories
1.1.3 Install Mac OS X using Mac OS Extended Journaled disk format

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.4/1.1.5 Do not install/remove any unnecessary Applications or packages

CONFIGURATION MANAGEMENT

1.1.6 Do not transfer confidential information in Setup Assistant
1.1.7 Create administrator accounts with difficult-to-guess names

ACCESS CONTROL

1.1.8 Create complex passwords for administrator accounts 'requiresMixedCase = 1'

IDENTIFICATION AND AUTHENTICATION

1.1.8 Create complex passwords for administrator accounts 'requiresNumeric = 1'

IDENTIFICATION AND AUTHENTICATION

1.1.9 Do not enter a password-related hint

IDENTIFICATION AND AUTHENTICATION

1.2.2 Create an access warning for the login window

ACCESS CONTROL

1.2.4 Turn on file extensions
1.3.1 Create an administrator account and a standard account for each administrator
1.3.2 Create a standard or managed account for each non-administrator
1.3.3 Set appropriate parental controls for managed accounts
1.3.7 Use Password Assistant to help generate complex passwords
1.3.9 Automatically lock the login keychain after 15 minutes of inactivity and when sleeping
1.3.14 Do not enable the 'root' account

ACCESS CONTROL

1.4.1.1 Do not enable or use MobileMe

CONFIGURATION MANAGEMENT

1.4.2.1 Change initial password for the system administrator account
1.4.2.2 Disable automatic login

ACCESS CONTROL

1.4.2.3 Display login window as name and password

ACCESS CONTROL

1.4.2.4 Disable 'Show password hints'

IDENTIFICATION AND AUTHENTICATION

1.4.2.7 Disable 'Allow guest to log into this computer'

ACCESS CONTROL

1.4.2.8 Disable 'Allow guests to connect to shared folders' (AFP)

ACCESS CONTROL

1.4.2.8 Disable 'Allow guests to connect to shared folders' (SMB)

ACCESS CONTROL

1.4.3.1 Disable Bluetooth by using System Preferences for each user account

CONFIGURATION MANAGEMENT

1.4.3.2 Disable Bluetooth internet connection sharing

CONFIGURATION MANAGEMENT

1.4.3.3 If Bluetooth is used, turn off 'Discoverable' when not needed

CONFIGURATION MANAGEMENT

1.4.3.4 Show Bluetooth status in menu bar
1.4.5.1 Enter correct time settings 'process'

AUDIT AND ACCOUNTABILITY

1.4.5.1 Enter correct time settings 'server 1'

AUDIT AND ACCOUNTABILITY

1.4.5.1 Enter correct time settings 'server 2'

AUDIT AND ACCOUNTABILITY

1.4.5.1 Enter correct time settings 'TIMESYNC'

CONFIGURATION MANAGEMENT

1.4.6.1 Set a short inactivity interval for the screen saver

ACCESS CONTROL

1.4.6.2 Disable users or admins to login to another users active and locked session

ACCESS CONTROL

1.4.7.2 Verify Display Sleep is set to a value larger than the Screen Saver

ACCESS CONTROL

1.4.7.3 Disable 'Wake when the modem detects a ring' for all power settings

ACCESS CONTROL

1.4.7.4 Disable 'Wake for Ethernet network administrator access' for power adapter settings

ACCESS CONTROL

1.4.8.2 Set a screen corner to Start Screen Saver

ACCESS CONTROL

1.4.8.3 Do not set any screen corner to Sleep Display
1.4.9.1 Disable 'Allow Bluetooth devices to wake this computer'

CONFIGURATION MANAGEMENT

1.4.10.2 Disable AirPort

CONFIGURATION MANAGEMENT

1.4.10.3 Enable Show AirPort Status in Menu Bar
1.4.10.4 Disable Bluetooth 'com.apple.blued'

CONFIGURATION MANAGEMENT

1.4.10.4 Disable Bluetooth 'IOBluetoothFamily.kext'

CONFIGURATION MANAGEMENT

1.4.10.4 Disable Bluetooth 'IOBluetoothHIDDriver.kext'

CONFIGURATION MANAGEMENT

1.4.11.1 Only use known printers
1.4.11.2 Disable receiving faxes
1.4.12.1 Do not install third-party QuickTime software
1.4.12.2 Disable 'Play Movies automatically'
1.4.13.1 Require a password to wake the computer from sleep or screen saver

ACCESS CONTROL

1.4.13.2 Disable automatic login

ACCESS CONTROL