| Monterey - Allow Smartcard Authentication | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Apply Gatekeeper Settings to Block Applications from Unidentified Developers | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Automatically Remove or Disable Emergency Accounts within 72 Hours | ACCESS CONTROL |
| Monterey - Automatically Remove or Disable Temporary User Accounts within 72 Hours | ACCESS CONTROL |
| Monterey - Configure Audit Log Files Group to Wheel | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files to be Owned by Root | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files to Mode 440 or Less Permissive | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files to Not Contain Access Control Lists | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders Group to Wheel | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to be Owned by Root | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Retention to a Minimum of Seven Days | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Automated Flaw Remediation | SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Configure Gatekeeper to Disallow End User Override | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Configure Login Window to Prompt for Username and Password | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Configure macOS to Use an Authorized Time Server | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure SSH ServerAliveInterval option set to 900 or less | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure Sudoers to Authenticate Users on a Per -tty Basis | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Configure System to Audit All Administrative Action Events | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Authorization and Authentication Events | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Failed Change of Object Attributes | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Failed Program Execution on the System | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Read Actions on the System | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Failed Write Actions on the System | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Shut Down Upon Audit Failure | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure the System for Nonlocal Maintenance | MAINTENANCE |
| Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged Functions | ACCESS CONTROL |
| Monterey - Configure the System to Implement Approved Cryptography to Protect Information | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure the System to Notify upon Account Created Actions | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Disabled Actions | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Enabled Actions | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Modified Actions | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Removed Actions | ACCESS CONTROL |
| Monterey - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure the System to Protect Memory from Unauthorized Code Execution | SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Configure the System to Separate User and System Functionality - separate | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure the System to Uniquely Identify and Authenticate Non-Organizational Users | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Configure User Session Lock When a Smart Token is Removed | ACCESS CONTROL |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Accounts after 35 Days of Inactivity | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable AirDrop | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Apple ID Setup during Setup Assistant | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth Sharing | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth When no Approved Device is Connected | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Bonjour Multicast | CONFIGURATION MANAGEMENT |
| Monterey - Disable Calendar.app | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Content Caching Service | CONFIGURATION MANAGEMENT |
| Monterey - Disable FaceTime.app | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
