Revision 1.24Jul 24, 2018
Functional Update
- OSX00530 M6 - iTunes Store must be disabled - 'Ping is disabled'
Informational Update
- GEN001680 M6 - All system start-up files must be group-owned by root, sys, bin, other, or system
- GEN006000 M6 - The system must not have a public Instant Messaging (IM) client installed
- GEN006040 M6 - The system must not have any peer-to-peer file-sharing application installed
- GEN008540 M6 - The system's local firewall must implement a deny-all, allow-by-exception policy
- OSX00010 M6 - Unnecessary packages must not be installed
- OSX00015 M6 - Administrator accounts must be created with difficult-to-guess names
- OSX00160 M6 - An antivirus tool must be installed
- OSX00200 M6 - The ability for administrative accounts to unlock screen saver must be disabled
- OSX00400 M6 - System Preferences must be securely configured so IPv6 is turned off if not being used
- OSX00525 M6 - Mail must be configured using SSL
- OSX00540 M6 - iDisk must be removed from Finder sidebar
- OSX00660 M6 - Physical security of the system must meet DoD requirements
- OSX00665 M6 - Shared User Accounts must be disabled
- OSX00675 M6 - System Recovery Backup procedures must be configured to comply with DoD requirements
- OSX00685 M6 - An Emergency Administrator Account must be created
- OSX00690 M6 - Default and Emergency Administrator passwords must be changed when necessary
- OSX00695 M6 - Service account passwords must be changed annually or when a system administrator with knowledge of the password leaves
- OSX00700 M6 - Automatic Screen Saver initiation must be enabled when smart card is removed from machine
- OSX00705 M6 - Spotlight Panel must be securely configured
Miscellaneous
- Metadata updated.
- Platform check updated.
- References updated.
Added
- DISA_STIG_MacOSX_10.6_v1r3.audit
