Revision 1.2Jul 24, 2018
Informational Update
- AOSX-09-000110 - The operating system must automatically remove or disable temporary user accounts after 72 hours.
- AOSX-09-000115 - The operating system must be configured such that emergency administrator accounts are never automatically disabled.
- AOSX-09-000155 - The system firewall must be configured with a default-deny policy.
- AOSX-09-000335 - Audit log files permissions must have mode 440 or less permissive.
- AOSX-09-000336 - Audit log folders must have mode 700 or less permissive.
- AOSX-09-000337 - Log files must not contain ACLs.
- AOSX-09-000338 - Log folders must not contain ACLs.
- AOSX-09-000750 - System must issue or obtain public key certificates under an appropriate certificate policy.
- AOSX-09-000780 - The operating system must protect the confidentiality and integrity of all information at rest.
- AOSX-09-000785 - System must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
- AOSX-09-000786 - System must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
- AOSX-09-000835 - System must employ automated mechanisms to determine the state of system components with regard to flaw remediation.
- AOSX-09-001235 - Unused network devices must be disabled.
- AOSX-09-001240 - System Preferences must be securely configured so IPv6 is turned off if not being used.
- AOSX-09-001465 - System must employ automated mechanisms to detect the presence of unauthorized software.
- AOSX-09-002055 - All users must use PKI authentication for login and privileged access.
Miscellaneous
- Metadata updated.
- Platform check updated.
- References updated.
Added
- DISA_STIG_MacOSX_10.9_v1r2.audit
