DISA STIG Apple Mac OSX 10.13 v2r5

Audit Details

Name: DISA STIG Apple Mac OSX 10.13 v2r5

Updated: 9/19/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 148

File Details

Filename: DISA_STIG_Apple_OS_X_10.13_v2r5.audit

Size: 277 kB

MD5: a473b1f812e47b06f320992968be4e17
SHA256: 69bf440f1bcb755d5df783649313b01b1e86352c4e77bccaabb521e8228fd134

Audit Items

DescriptionCategories
AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

ACCESS CONTROL

AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-bl-corner

ACCESS CONTROL

AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-br-corner

ACCESS CONTROL

AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tl-corner

ACCESS CONTROL

AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tr-corner

ACCESS CONTROL

AOSX-13-000007 - The macOS system must be configured to prevent Apple Watch from terminating a session lock.

ACCESS CONTROL

AOSX-13-000010 - The macOS system must initiate a session lock after a 15-minute period of inactivity.

ACCESS CONTROL

AOSX-13-000020 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.

ACCESS CONTROL

AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started.

ACCESS CONTROL

AOSX-13-000030 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000050 - The macOS system must be configured to disable rshd service.

CONFIGURATION MANAGEMENT

AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-13-000057 - The macOS system must enforce requirements for remote connections to the information

CONFIGURATION MANAGEMENT

AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.

CONFIGURATION MANAGEMENT

AOSX-13-000070 - The macOS system must be configured with Wi-Fi support software disabled.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled.

CONFIGURATION MANAGEMENT

AOSX-13-000085 - The macOS system must be configured with automatic actions disabled for blank CDs.

CONFIGURATION MANAGEMENT

AOSX-13-000090 - The macOS system must be configured with automatic actions disabled for blank DVDs.

CONFIGURATION MANAGEMENT

AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs.

CONFIGURATION MANAGEMENT

AOSX-13-000100 - The macOS system must be configured with automatic actions disabled for picture CDs.

CONFIGURATION MANAGEMENT

AOSX-13-000105 - The macOS system must be configured with automatic actions disabled for video DVDs.

CONFIGURATION MANAGEMENT

AOSX-13-000110 - The macOS system must automatically remove or disable temporary user accounts after 72 hours.

ACCESS CONTROL

AOSX-13-000115 - The macOS system must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.

ACCESS CONTROL

AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

AOSX-13-000139 - The macOS system must be configured to disable SMB File Sharing unless it is required.

CONFIGURATION MANAGEMENT

AOSX-13-000140 - The macOS system must be configured to disable Apple File (AFP) Sharing.

CONFIGURATION MANAGEMENT

AOSX-13-000141 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.

CONFIGURATION MANAGEMENT

AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required.

CONFIGURATION MANAGEMENT

AOSX-13-000143 - The macOS system must be configured to disable the Network File System (NFS) stat daemon unless it is required.

CONFIGURATION MANAGEMENT

AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

AOSX-13-000186 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the operating system.

ACCESS CONTROL

AOSX-13-000187 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.

ACCESS CONTROL

AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner file'

ACCESS CONTROL

AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner text'

ACCESS CONTROL

AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.

AUDIT AND ACCOUNTABILITY

AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

AOSX-13-000240 - The macOS system must enable System Integrity Protection.

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-13-000295 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.

AUDIT AND ACCOUNTABILITY

AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

AUDIT AND ACCOUNTABILITY

AOSX-13-000330 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS).

AUDIT AND ACCOUNTABILITY

AOSX-13-000331 - The macOS system must be configured with audit log files owned by root.

AUDIT AND ACCOUNTABILITY

AOSX-13-000332 - The macOS system must be configured with audit log folders owned by root.

AUDIT AND ACCOUNTABILITY

AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel.

AUDIT AND ACCOUNTABILITY

AOSX-13-000334 - The macOS system must be configured with audit log folders group-owned by wheel.

AUDIT AND ACCOUNTABILITY

AOSX-13-000335 - The macOS system must be configured with audit log files set to mode 440 or less permissive.

AUDIT AND ACCOUNTABILITY

AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.

AUDIT AND ACCOUNTABILITY