NIST macOS Big Sur v1.4.0 - All Profiles

Audit Details

Name: NIST macOS Big Sur v1.4.0 - All Profiles

Updated: 9/7/2023

Authority: TNS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 247

File Details

Filename: NIST_macOS_Big_Sur_All_Profiles_v1.4.0.audit

Size: 422 kB

MD5: c755055e83b61995d779bb0e66f6c158
SHA256: b702557c621d05e93c1a6cb2607321333d092ac6cfc98d9d4b1540cce0f8eba6

Audit Items

DescriptionCategories
Big Sur - Access Control for Mobile Devices

ACCESS CONTROL

Big Sur - Alert Audit Processing Failure

AUDIT AND ACCOUNTABILITY

Big Sur - Allow Administrators to Modify Security Settings and System Attributes

ACCESS CONTROL

Big Sur - Allow Administrators to Promote Other Users to Administrator Status

ACCESS CONTROL

Big Sur - Allow Information Transfer with Other Operating Systems

ACCESS CONTROL

Big Sur - Allow Smartcard Authentication

IDENTIFICATION AND AUTHENTICATION

Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified Developers

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Big Sur - Audit Record Reduction and Report Generation - processing

AUDIT AND ACCOUNTABILITY

Big Sur - Audit Record Reduction and Report Generation - reduction

AUDIT AND ACCOUNTABILITY

Big Sur - Automatically Remove or Disable Emergency Accounts within 72 Hours

ACCESS CONTROL

Big Sur - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours

ACCESS CONTROL

Big Sur - Automatically Remove or Disable Temporary User Accounts within 72 Hours

ACCESS CONTROL

Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel

SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive

SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure Audit Capacity Warning

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Failure Notification

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Files Group to Wheel

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Files to be Owned by Root

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Files to Mode 440 or Less Permissive

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Files to Not Contain Access Control Lists

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Folders Group to Wheel

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Folders to be Owned by Root

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Audit Retention to a Minimum of Seven Days

AUDIT AND ACCOUNTABILITY

Big Sur - Configure Automated Flaw Remediation

SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure Gatekeeper to Disallow End User Override

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure Login Window to Prompt for Username and Password

IDENTIFICATION AND AUTHENTICATION

Big Sur - Configure macOS to Use an Authorized Time Server

AUDIT AND ACCOUNTABILITY

Big Sur - Configure SSH ServerAliveInterval option set to 900 or less

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Configure SSHD ClientAliveInterval option set to 900 or less

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Configure SSHD to Use Secure Key Exchange Algorithms

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

Big Sur - Configure Sudoers to Authenticate Users on a Per -tty Basis

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

Big Sur - Configure System Log Files Owned by Root and Group to Wheel

SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure System Log Files to Mode 640 or Less Permissive

SYSTEM AND INFORMATION INTEGRITY

Big Sur - Configure System to Audit All Administrative Action Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Authorization and Authentication Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Deletions of Object Attributes

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Failed Change of Object Attributes

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Failed Program Execution on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

Big Sur - Configure System to Audit All Failed Read Actions on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Failed Write Actions on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Big Sur - Configure System to Audit All Log In and Log Out Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails

SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Configure System to Shut Down Upon Audit Failure

AUDIT AND ACCOUNTABILITY

Big Sur - Configure the System for Nonlocal Maintenance

MAINTENANCE

Big Sur - Configure the System to Block Non-Privileged Users from Executing Privileged Functions

ACCESS CONTROL

Big Sur - Configure the System to Implement Approved Cryptography to Protect Information

SYSTEM AND COMMUNICATIONS PROTECTION

Big Sur - Configure the System to Notify upon Account Created Actions

ACCESS CONTROL

Big Sur - Configure the System to Notify upon Account Disabled Actions

ACCESS CONTROL