| 1.4 Enable system data files and security update installs - 'ConfigDataInstall' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Enable OS X update installs | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Enable 'Set time and date automatically' | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top left corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.4 Disable Printer Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.7 Disable Bluetooth Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
| 2.4.12 Ensure Media Sharing Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1 Enable FileVault - Encryption Status | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.5 Review Application Firewall Rules | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.7 Monitor Location Services Access | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 2.7.1 iCloud configuration | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 2.7.2 iCloud keychain | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 2.12 Configure Secure Empty Trash | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Enable security auditing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure nfs server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.5 Check Library folder for world writable files | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.4 Complex passwords must contain a Numeric Character - '1 number' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4 Automatically lock the login keychain for inactivity | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Enable OCSP and CRL certificate checking - CRLStyle | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Create a Login window banner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.16 Secure individual keychain and items | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 6.4 Safari disable Internet Plugins for global use | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| AOSX-15-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner file | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000031 - The macOS system must be configured so that log folders must not contain access control lists (ACLs). | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-15-001014 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-002003 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002007 - The macOS system must be configured to disable Internet Sharing. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002023 - The macOS system must be configured to disable the application Calendar. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-002040 - The macOS system must disable iCloud Keychain synchronization. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002060 - The macOS system must allow only applications that have a valid digital signature to run - SPApplicationsDataType | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetooth | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public Access Control Lists | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used - allowSimple | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used - minComplexChars | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
