DISA Apple macOS 14 (Sonoma) STIG v2r3

Audit Details

Name: DISA Apple macOS 14 (Sonoma) STIG v2r3

Updated: 10/31/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 156

File Details

Filename: DISA_STIG_Apple_macOS_14_Sonoma_v2r3.audit

Size: 309 kB

MD5: d640b1cdebf076cdc2fd900bcdcb7707
SHA256: 1e3235be062b4648dfa5118c5689cc5b58e5b1b314782a493f1ad7d95e6d0bfc

Audit Changelog

Revision 1.1

Oct 31, 2025

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Added
  • APPL-14-000001 - The macOS system must prevent Apple Watch from terminating a session lock.
  • APPL-14-000002 - The macOS system must enforce screen saver password.
  • APPL-14-000003 - The macOS system must enforce session lock no more than five seconds after screen saver is started.
  • APPL-14-000005 - The macOS system must configure user session lock when a smart token is removed.
  • APPL-14-000007 - The macOS system must disable hot corners.
  • APPL-14-000009 - The macOS system must prevent AdminHostInfo from being available at LoginWindow.
  • APPL-14-000012 - The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
  • APPL-14-000014 - The macOS system must enforce time synchronization.
  • APPL-14-000022 - The macOS system must limit consecutive failed log on attempts to three.
  • APPL-14-000023 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at remote log on.
  • APPL-14-000024 - The macOS system must enforce SSH to display the Standard Mandatory DOD Notice and Consent Banner.
  • APPL-14-000025 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at the login window.
  • APPL-14-000030 - The macOS system must configure audit log files to not contain access control lists.
  • APPL-14-000031 - The macOS system must configure audit log folders to not contain access control lists.
  • APPL-14-000033 - The macOS system must disable FileVault automatic log on.
  • APPL-14-000051 - The macOS system must configure SSHD ClientAliveInterval to 900.
  • APPL-14-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1.
  • APPL-14-000053 - The macOS system must set Login Grace Time to 30.
  • APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections.
  • APPL-14-000057 - The macOS system must limit SSH to FIPS-compliant connections.
  • APPL-14-000060 - The macOS system must set account lockout time to 15 minutes.
  • APPL-14-000070 - The macOS system must enforce screen saver timeout.
  • APPL-14-000090 - The macOS system must disable logon to other user's active and locked sessions.
  • APPL-14-000100 - The macOS system must disable root logon.
  • APPL-14-000110 - The macOS system must configure SSH ServerAliveInterval option set to 900.
  • APPL-14-000120 - The macOS system must configure SSHD Channel Timeout to 900.
  • APPL-14-000130 - The macOS system must configure SSHD unused connection timeout to 900.
  • APPL-14-000140 - The macOS system must set SSH Active Server Alive Maximum to 0.
  • APPL-14-000160 - The macOS system must enforce auto logout after 86400 seconds of inactivity.
  • APPL-14-000170 - The macOS system must be configured to use an authorized time server.
  • APPL-14-000180 - The macOS system must enable time synchronization daemon.
  • APPL-14-001001 - The macOS system must be configured to audit all administrative action events.
  • APPL-14-001002 - The macOS system must be configured to audit all log on and log out events.
  • APPL-14-001003 - The macOS system must enable security auditing.
  • APPL-14-001010 - The macOS system must configure system to shut down upon audit failure.
  • APPL-14-001012 - The macOS system must configure audit log files to be owned by root.
  • APPL-14-001013 - The macOS system must configure audit log folders to be owned by root.
  • APPL-14-001014 - The macOS system must configure audit log files group to wheel.
  • APPL-14-001015 - The macOS system must configure audit log folders group to wheel.
  • APPL-14-001016 - The macOS system must configure audit log files to mode 440 or less permissive.
  • APPL-14-001017 - The macOS system must configure audit log folders to mode 700 or less permissive.
  • APPL-14-001020 - The macOS system must be configured to audit all deletions of object attributes.
  • APPL-14-001021 - The macOS system must be configured to audit all changes of object attributes.
  • APPL-14-001022 - The macOS system must be configured to audit all failed read actions on the system.
  • APPL-14-001023 - The macOS system must be configured to audit all failed write actions on the system.
  • APPL-14-001024 - The macOS system must be configured to audit all failed program execution on the system.
  • APPL-14-001029 - The macOS system must configure audit retention to seven days.
  • APPL-14-001030 - The macOS system must configure audit capacity warning.
  • APPL-14-001031 - The macOS system must configure audit failure notification.
  • APPL-14-001044 - The macOS system must configure the system to audit all authorization and authentication events.
  • APPL-14-001060 - The macOS system must set smart card certificate trust to moderate.
  • APPL-14-001100 - The macOS system must disable root logon for SSH.
  • APPL-14-001110 - The macOS system must configure audit_control group to wheel.
  • APPL-14-001120 - The macOS system must configure audit_control owner to root.
  • APPL-14-001130 - The macOS system must configure audit_control to mode 440 or less permissive.
  • APPL-14-001140 - The macOS system must configure audit_control to not contain access control lists.
  • APPL-14-001150 - The macOS system must disable password authentication for SSH.
  • APPL-14-002001 - The macOS system must disable Server Message Block sharing.
  • APPL-14-002003 - The macOS system must disable Network File System service.
  • APPL-14-002004 - The macOS system must disable Location Services.
  • APPL-14-002005 - The macOS system must disable Bonjour multicast.
  • APPL-14-002006 - The macOS system must disable Unix-to-Unix Copy Protocol service.
  • APPL-14-002007 - The macOS system must disable Internet Sharing.
  • APPL-14-002008 - The macOS system must disable the built-in web server.
  • APPL-14-002009 - The macOS system must disable AirDrop.
  • APPL-14-002010 - The macOS system must disable FaceTime.app.
  • APPL-14-002012 - The macOS system must disable the iCloud Calendar services.
  • APPL-14-002013 - The macOS system must disable iCloud Reminders.
  • APPL-14-002014 - The macOS system must disable iCloud Address Book.
  • APPL-14-002015 - The macOS system must disable iCloud Mail.
  • APPL-14-002016 - The macOS system must disable iCloud Notes.
  • APPL-14-002017 - The macOS system must disable the camera.
  • APPL-14-002020 - The macOS system must disable Siri.
  • APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple.
  • APPL-14-002022 - The macOS system must disable Remote Apple Events.
  • APPL-14-002035 - The macOS system must disable Apple ID setup during Setup Assistant.
  • APPL-14-002036 - The macOS system must disable Privacy Setup services during Setup Assistant.
  • APPL-14-002037 - The macOS system must disable iCloud Storage Setup during Setup Assistant.
  • APPL-14-002038 - The macOS system must disable Trivial File Transfer Protocol service.
  • APPL-14-002039 - The macOS system must disable Siri Setup during Setup Assistant.
  • APPL-14-002040 - The macOS system must disable iCloud Keychain synchronization.
  • APPL-14-002041 - The macOS system must disable iCloud Document synchronization.
  • APPL-14-002042 - The macOS system must disable iCloud Bookmarks.
  • APPL-14-002043 - The macOS system must disable iCloud Photo Library.
  • APPL-14-002050 - The macOS system must disable Screen Sharing and Apple Remote Desktop.
  • APPL-14-002051 - The macOS system must disable the TouchID System Settings pane.
  • APPL-14-002052 - The macOS system must disable the System Settings pane for Wallet and Apple Pay.
  • APPL-14-002053 - The macOS system must disable the system settings pane for Siri.
  • APPL-14-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.
  • APPL-14-002062 - The macOS system must disable Bluetooth when no approved device is connected.
  • APPL-14-002063 - The macOS system must disable the guest account.
  • APPL-14-002064 - The macOS system must enable Gatekeeper.
  • APPL-14-002066 - The macOS system must disable unattended or automatic log on to the system.
  • APPL-14-002068 - The macOS system must secure user's home folders.
  • APPL-14-002069 - The macOS system must require administrator privileges to modify systemwide settings.
  • APPL-14-002080 - The macOS system must disable Airplay Receiver.
  • APPL-14-002090 - The macOS system must disable TouchID for unlocking the device.
  • APPL-14-002100 - The macOS system must disable Media Sharing.
  • APPL-14-002110 - The macOS system must disable Bluetooth sharing.
  • APPL-14-002120 - The macOS system must disable AppleID and Internet Account modifications.
  • APPL-14-002130 - The macOS system must disable CD/DVD Sharing.
  • APPL-14-002140 - The macOS system must disable content caching service.
  • APPL-14-002150 - The macOS system must disable iCloud desktop and document folder synchronization.
  • APPL-14-002160 - The macOS system must disable iCloud Game Center.
  • APPL-14-002170 - The macOS system must disable iCloud Private Relay.
  • APPL-14-002180 - The macOS system must disable Find My service.
  • APPL-14-002190 - The macOS system must disable password autofill.
  • APPL-14-002200 - The macOS system must disable personalized advertising.
  • APPL-14-002210 - The macOS system must disable sending Siri and Dictation information to Apple.
  • APPL-14-002220 - The macOS system must enforce on device dictation.
  • APPL-14-002230 - The macOS system must disable dictation.
  • APPL-14-002240 - The macOS system must disable Printer Sharing.
  • APPL-14-002250 - The macOS system must disable Remote Management.
  • APPL-14-002260 - The macOS system must disable the Bluetooth system settings pane.
  • APPL-14-002270 - The macOS system must disable the iCloud Freeform services.
  • APPL-14-003001 - The macOS system must issue or obtain public key certificates from an approved service provider.
  • APPL-14-003007 - The macOS system must require passwords contain a minimum of one numeric character.
  • APPL-14-003008 - The macOS system must restrict maximum password lifetime to 60 days.
  • APPL-14-003010 - The macOS system must require a minimum password length of 14 characters.
  • APPL-14-003011 - The macOS system must require passwords contain a minimum of one special character.
  • APPL-14-003012 - The macOS system must disable password hints.
  • APPL-14-003013 - The macOS system must enable firmware password.
  • APPL-14-003014 - The macOS system must remove password hints from user accounts.
  • APPL-14-003020 - The macOS system must enforce smart card authentication.
  • APPL-14-003030 - The macOS system must allow smart card authentication.
  • APPL-14-003050 - The macOS system must enforce multifactor authentication for logon.
  • APPL-14-003051 - The macOS system must enforce multifactor authentication for the su command.
  • APPL-14-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
  • APPL-14-003060 - The macOS system must require passwords contain a minimum of one lowercase character and one uppercase character.
  • APPL-14-003070 - The macOS system must set minimum password lifetime to 24 hours.
  • APPL-14-003080 - The macOS system must disable accounts after 35 days of inactivity.
  • APPL-14-004001 - The macOS system must configure Apple System Log files to be owned by root and group to wheel.
  • APPL-14-004002 - The macOS system must configure Apple System Log files to mode 640 or less permissive.
  • APPL-14-004022 - The macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.
  • APPL-14-004030 - The macOS system must configure system log files to be owned by root and group to wheel.
  • APPL-14-004040 - The macOS system must configure system log files to mode 640 or less permissive.
  • APPL-14-004050 - The macOS system must configure install.log retention to 365.
  • APPL-14-004060 - The macOS system must configure sudoers timestamp type.
  • APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.
  • APPL-14-005020 - The macOS system must enforce FileVault.
  • APPL-14-005050 - The macOS system must enable the application firewall.
  • APPL-14-005052 - The macOS system must configure login window to prompt for username and password.
  • APPL-14-005054 - The macOS system must disable TouchID prompt during Setup Assistant.
  • APPL-14-005055 - The macOS system must disable Screen Time prompt during Setup Assistant.
  • APPL-14-005056 - The macOS system must disable Unlock with Apple Watch during Setup Assistant.
  • APPL-14-005058 - The macOS system must disable Handoff.
  • APPL-14-005060 - The macOS system must disable proximity-based password sharing requests.
  • APPL-14-005061 - The macOS system must disable Erase Content and Settings.
  • APPL-14-005070 - The macOS system must enable Authenticated Root.
  • APPL-14-005080 - The macOS system must prohibit user installation of software into /users/.
  • APPL-14-005090 - The macOS system must authorize USB devices before allowing connection.
  • APPL-14-005100 - The macOS system must ensure secure boot level set to full.
  • APPL-14-005110 - The macOS system must enforce enrollment in mobile device management.
  • APPL-14-005120 - The macOS system must enable recovery lock.
  • APPL-14-005130 - The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automatically.
  • DISA_STIG_Apple_macOS_14_Sonoma_v2r3.audit from DISA Apple macOS 14 (Sonoma) STIG v2r3
Removed
  • APPL-14-000001 The macOS system must prevent Apple Watch from terminating a session lock.
  • APPL-14-000002 The macOS system must enforce screen saver password.
  • APPL-14-000003 The macOS system must enforce session lock no more than five seconds after screen saver is started.
  • APPL-14-000005 The macOS system must configure user session lock when a smart token is removed.
  • APPL-14-000007 The macOS system must disable hot corners.
  • APPL-14-000009 The macOS system must prevent AdminHostInfo from being available at LoginWindow.
  • APPL-14-000012 The macOS system must automatically remove or disable temporary or emergency user accounts within 72 hours.
  • APPL-14-000014 The macOS system must enforce time synchronization.
  • APPL-14-000022 The macOS system must limit consecutive failed log on attempts to three.
  • APPL-14-000023 The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at remote log on.
  • APPL-14-000024 The macOS system must enforce SSH to display the Standard Mandatory DOD Notice and Consent Banner.
  • APPL-14-000025 The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at the login window.
  • APPL-14-000030 The macOS system must configure audit log files to not contain access control lists.
  • APPL-14-000031 The macOS system must configure audit log folders to not contain access control lists.
  • APPL-14-000033 The macOS system must disable FileVault automatic log on.
  • APPL-14-000051 The macOS system must configure SSHD ClientAliveInterval to 900.
  • APPL-14-000052 The macOS system must configure SSHD ClientAliveCountMax to 1.
  • APPL-14-000053 The macOS system must set Login Grace Time to 30.
  • APPL-14-000054 The macOS system must limit SSHD to FIPS-compliant connections.
  • APPL-14-000057 The macOS system must limit SSH to FIPS-compliant connections.
  • APPL-14-000060 The macOS system must set account lockout time to 15 minutes.
  • APPL-14-000070 The macOS system must enforce screen saver timeout.
  • APPL-14-000090 The macOS system must disable logon to other user's active and locked sessions.
  • APPL-14-000100 The macOS system must disable root logon.
  • APPL-14-000110 The macOS system must configure SSH ServerAliveInterval option set to 900.
  • APPL-14-000120 The macOS system must configure SSHD Channel Timeout to 900.
  • APPL-14-000130 The macOS system must configure SSHD unused connection timeout to 900.
  • APPL-14-000140 The macOS system must set SSH Active Server Alive Maximum to 0.
  • APPL-14-000160 The macOS system must enforce auto logout after 86400 seconds of inactivity.
  • APPL-14-000170 The macOS system must be configured to use an authorized time server.
  • APPL-14-000180 The macOS system must enable time synchronization daemon.
  • APPL-14-001001 The macOS system must be configured to audit all administrative action events.
  • APPL-14-001002 The macOS system must be configured to audit all log on and log out events.
  • APPL-14-001003 The macOS system must enable security auditing.
  • APPL-14-001010 The macOS system must configure system to shut down upon audit failure.
  • APPL-14-001012 The macOS system must configure audit log files to be owned by root.
  • APPL-14-001013 The macOS system must configure audit log folders to be owned by root.
  • APPL-14-001014 The macOS system must configure audit log files group to wheel.
  • APPL-14-001015 The macOS system must configure audit log folders group to wheel.
  • APPL-14-001016 The macOS system must configure audit log files to mode 440 or less permissive.
  • APPL-14-001017 The macOS system must configure audit log folders to mode 700 or less permissive.
  • APPL-14-001020 The macOS system must be configured to audit all deletions of object attributes.
  • APPL-14-001021 The macOS system must be configured to audit all changes of object attributes.
  • APPL-14-001022 The macOS system must be configured to audit all failed read actions on the system.
  • APPL-14-001023 The macOS system must be configured to audit all failed write actions on the system.
  • APPL-14-001024 The macOS system must be configured to audit all failed program execution on the system.
  • APPL-14-001029 The macOS system must configure audit retention to seven days.
  • APPL-14-001030 The macOS system must configure audit capacity warning.
  • APPL-14-001031 The macOS system must configure audit failure notification.
  • APPL-14-001044 The macOS system must configure the system to audit all authorization and authentication events.
  • APPL-14-001060 The macOS system must set smart card certificate trust to moderate.
  • APPL-14-001100 The macOS system must disable root logon for SSH.
  • APPL-14-001110 The macOS system must configure audit_control group to wheel.
  • APPL-14-001120 The macOS system must configure audit_control owner to root.
  • APPL-14-001130 The macOS system must configure audit_control to mode 440 or less permissive.
  • APPL-14-001140 The macOS system must configure audit_control to not contain access control lists.
  • APPL-14-001150 The macOS system must disable password authentication for SSH.
  • APPL-14-002001 The macOS system must disable Server Message Block sharing.
  • APPL-14-002003 The macOS system must disable Network File System service.
  • APPL-14-002004 The macOS system must disable Location Services.
  • APPL-14-002005 The macOS system must disable Bonjour multicast.
  • APPL-14-002006 The macOS system must disable Unix-to-Unix Copy Protocol service.
  • APPL-14-002007 The macOS system must disable Internet Sharing.
  • APPL-14-002008 The macOS system must disable the built-in web server.
  • APPL-14-002009 The macOS system must disable AirDrop.
  • APPL-14-002010 The macOS system must disable FaceTime.app.
  • APPL-14-002012 The macOS system must disable the iCloud Calendar services.
  • APPL-14-002013 The macOS system must disable iCloud Reminders.
  • APPL-14-002014 The macOS system must disable iCloud Address Book.
  • APPL-14-002015 The macOS system must disable iCloud Mail.
  • APPL-14-002016 The macOS system must disable iCloud Notes.
  • APPL-14-002017 The macOS system must disable the camera.
  • APPL-14-002020 The macOS system must disable Siri.
  • APPL-14-002021 The macOS system must disable sending diagnostic and usage data to Apple.
  • APPL-14-002022 The macOS system must disable Remote Apple Events.
  • APPL-14-002035 The macOS system must disable Apple ID setup during Setup Assistant.
  • APPL-14-002036 The macOS system must disable Privacy Setup services during Setup Assistant.
  • APPL-14-002037 The macOS system must disable iCloud Storage Setup during Setup Assistant.
  • APPL-14-002038 The macOS system must disable Trivial File Transfer Protocol service.
  • APPL-14-002039 The macOS system must disable Siri Setup during Setup Assistant.
  • APPL-14-002040 The macOS system must disable iCloud Keychain synchronization.
  • APPL-14-002041 The macOS system must disable iCloud Document synchronization.
  • APPL-14-002042 The macOS system must disable iCloud Bookmarks.
  • APPL-14-002043 The macOS system must disable iCloud Photo Library.
  • APPL-14-002050 The macOS system must disable Screen Sharing and Apple Remote Desktop.
  • APPL-14-002051 The macOS system must disable the TouchID System Settings pane.
  • APPL-14-002052 The macOS system must disable the System Settings pane for Wallet and Apple Pay.
  • APPL-14-002053 The macOS system must disable the system settings pane for Siri.
  • APPL-14-002060 The macOS system must apply gatekeeper settings to block applications from unidentified developers.
  • APPL-14-002062 The macOS system must disable Bluetooth when no approved device is connected.
  • APPL-14-002063 The macOS system must disable the guest account.
  • APPL-14-002064 The macOS system must enable Gatekeeper.
  • APPL-14-002066 The macOS system must disable unattended or automatic log on to the system.
  • APPL-14-002068 The macOS system must secure user's home folders.
  • APPL-14-002069 The macOS system must require administrator privileges to modify systemwide settings.
  • APPL-14-002080 The macOS system must disable Airplay Receiver.
  • APPL-14-002090 The macOS system must disable TouchID for unlocking the device.
  • APPL-14-002100 The macOS system must disable Media Sharing.
  • APPL-14-002110 The macOS system must disable Bluetooth sharing.
  • APPL-14-002120 The macOS system must disable AppleID and Internet Account modifications.
  • APPL-14-002130 The macOS system must disable CD/DVD Sharing.
  • APPL-14-002140 The macOS system must disable content caching service.
  • APPL-14-002150 The macOS system must disable iCloud desktop and document folder synchronization.
  • APPL-14-002160 The macOS system must disable iCloud Game Center.
  • APPL-14-002170 The macOS system must disable iCloud Private Relay.
  • APPL-14-002180 The macOS system must disable Find My service.
  • APPL-14-002190 The macOS system must disable password autofill.
  • APPL-14-002200 The macOS system must disable personalized advertising.
  • APPL-14-002210 The macOS system must disable sending Siri and Dictation information to Apple.
  • APPL-14-002220 The macOS system must enforce on device dictation.
  • APPL-14-002230 The macOS system must disable dictation.
  • APPL-14-002240 The macOS system must disable Printer Sharing.
  • APPL-14-002250 The macOS system must disable Remote Management.
  • APPL-14-002260 The macOS system must disable the Bluetooth system settings pane.
  • APPL-14-002270 The macOS system must disable the iCloud Freeform services.
  • APPL-14-003001 The macOS system must issue or obtain public key certificates from an approved service provider.
  • APPL-14-003007 The macOS system must require passwords contain a minimum of one numeric character.
  • APPL-14-003008 The macOS system must restrict maximum password lifetime to 60 days.
  • APPL-14-003010 The macOS system must require a minimum password length of 14 characters.
  • APPL-14-003011 The macOS system must require passwords contain a minimum of one special character.
  • APPL-14-003012 The macOS system must disable password hints.
  • APPL-14-003013 The macOS system must enable firmware password.
  • APPL-14-003014 The macOS system must remove password hints from user accounts.
  • APPL-14-003020 The macOS system must enforce smart card authentication.
  • APPL-14-003030 The macOS system must allow smart card authentication.
  • APPL-14-003050 The macOS system must enforce multifactor authentication for logon.
  • APPL-14-003051 The macOS system must enforce multifactor authentication for the su command.
  • APPL-14-003052 The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
  • APPL-14-003060 The macOS system must require passwords contain a minimum of one lowercase character and one uppercase character.
  • APPL-14-003070 The macOS system must set minimum password lifetime to 24 hours.
  • APPL-14-003080 The macOS system must disable accounts after 35 days of inactivity.
  • APPL-14-004001 The macOS system must configure Apple System Log files to be owned by root and group to wheel.
  • APPL-14-004002 The macOS system must configure Apple System Log files to mode 640 or less permissive.
  • APPL-14-004022 The macOS system must require users to reauthenticate for privilege escalation when using the "sudo" command.
  • APPL-14-004030 The macOS system must configure system log files to be owned by root and group to wheel.
  • APPL-14-004040 The macOS system must configure system log files to mode 640 or less permissive.
  • APPL-14-004050 The macOS system must configure install.log retention to 365.
  • APPL-14-004060 The macOS system must configure sudoers timestamp type.
  • APPL-14-005001 The macOS system must ensure System Integrity Protection is enabled.
  • APPL-14-005020 The macOS system must enforce FileVault.
  • APPL-14-005050 The macOS system must enable the application firewall.
  • APPL-14-005052 The macOS system must configure login window to prompt for username and password.
  • APPL-14-005054 The macOS system must disable TouchID prompt during Setup Assistant.
  • APPL-14-005055 The macOS system must disable Screen Time prompt during Setup Assistant.
  • APPL-14-005056 The macOS system must disable Unlock with Apple Watch during Setup Assistant.
  • APPL-14-005058 The macOS system must disable Handoff.
  • APPL-14-005060 The macOS system must disable proximity-based password sharing requests.
  • APPL-14-005061 The macOS system must disable Erase Content and Settings.
  • APPL-14-005070 The macOS system must enable Authenticated Root.
  • APPL-14-005080 The macOS system must prohibit user installation of software into /users/.
  • APPL-14-005090 The macOS system must authorize USB devices before allowing connection.
  • APPL-14-005100 The macOS system must ensure secure boot level set to full.
  • APPL-14-005110 The macOS system must enforce enrollment in mobile device management.
  • APPL-14-005120 The macOS system must enable recovery lock.
  • APPL-14-005130 The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automatically.
  • DISA_STIG_Apple_macOS_14_Sonoma_v2r3.audit from DISA Apple macOS 14 (Sonoma) v2r3 STIG