NIST macOS Monterey v1.0.0 - 800-53r5 Moderate

Audit Details

Name: NIST macOS Monterey v1.0.0 - 800-53r5 Moderate

Updated: 4/25/2022

Authority: TNS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 176

File Details

Filename: NIST_macOS_Monterey_800-53r5_moderate_v1.0.0.audit

Size: 278 kB

MD5: 3ddb1be189c744199d8961604b0ed84c
SHA256: 6e0e579c1bb6e6a5f33c738c5b656ef74dcf2ba0c431be6a3d649ac40222255e

Audit Items

DescriptionCategories
Monterey - Access Control for Mobile Devices

ACCESS CONTROL

Monterey - Allow Smartcard Authentication

IDENTIFICATION AND AUTHENTICATION

Monterey - Apply Gatekeeper Settings to Block Applications from Unidentified Developers

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Monterey - Audit Record Reduction and Report Generation - processing

AUDIT AND ACCOUNTABILITY

Monterey - Audit Record Reduction and Report Generation - reduction

AUDIT AND ACCOUNTABILITY

Monterey - Automatically Remove or Disable Emergency Accounts within 72 Hours

ACCESS CONTROL

Monterey - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours

ACCESS CONTROL

Monterey - Automatically Remove or Disable Temporary User Accounts within 72 Hours

ACCESS CONTROL

Monterey - Configure Apple System Log Files Owned by Root and Group to Wheel

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure Apple System Log Files To Mode 640 or Less Permissive

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure Audit Failure Notification

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Files Group to Wheel

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Files to be Owned by Root

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Files to Mode 440 or Less Permissive

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Files to Not Contain Access Control Lists

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure Audit Log Folder to Not Contain Access Control Lists

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Folders Group to Wheel

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Folders to be Owned by Root

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive

AUDIT AND ACCOUNTABILITY

Monterey - Configure Audit Retention to a Minimum of Seven Days

AUDIT AND ACCOUNTABILITY

Monterey - Configure Automated Flaw Remediation

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure Gatekeeper to Disallow End User Override

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure Login Window to Prompt for Username and Password

IDENTIFICATION AND AUTHENTICATION

Monterey - Configure macOS to Use an Authorized Time Server

AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Configure SSH ServerAliveInterval option set to 900 or less

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Configure Sudoers to Authenticate Users on a Per -tty Basis

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

Monterey - Configure System Log Files Owned by Root and Group to Wheel

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure System Log Files to Mode 640 or Less Permissive

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure System to Audit All Administrative Action Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Authorization and Authentication Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Deletions of Object Attributes

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Failed Change of Object Attributes

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Failed Program Execution on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

Monterey - Configure System to Audit All Failed Read Actions on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Failed Write Actions on the System

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE

Monterey - Configure System to Audit All Log In and Log Out Events

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE

Monterey - Configure System to Shut Down Upon Audit Failure

AUDIT AND ACCOUNTABILITY

Monterey - Configure the System for Nonlocal Maintenance

MAINTENANCE

Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged Functions

ACCESS CONTROL

Monterey - Configure the System to Implement Approved Cryptography to Protect Information

SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources

SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Configure the System to Protect Memory from Unauthorized Code Execution

SYSTEM AND INFORMATION INTEGRITY

Monterey - Configure the System to Separate User and System Functionality - separate

MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users

IDENTIFICATION AND AUTHENTICATION

Monterey - Configure User Session Lock When a Smart Token is Removed

ACCESS CONTROL

Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy

ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

Monterey - Disable Accounts after 35 Days of Inactivity

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Monterey - Disable AirDrop

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Monterey - Disable Airplay Receiver

CONFIGURATION MANAGEMENT

Monterey - Disable Apple ID Setup during Setup Assistant

ACCESS CONTROL, CONFIGURATION MANAGEMENT