| 1.2 Ensure Download New Updates When Available Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Install of macOS Updates Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure Time Is Set Within Appropriate Limits | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL |
| 2.3.3.2 Ensure File Sharing Is Disabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.2 Ensure Screen Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.4 Ensure Printer Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.5 Ensure Remote Management Is Disabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.6 Ensure Remote Management Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.10 Ensure Bluetooth Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.11 Ensure Bluetooth Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.3 Ensure Screen Sharing Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.9 Ensure Remote Management Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.2 Ensure Listen for (Siri) Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.2.2 Ensure Listen for (Siri) Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.8 Ensure a Custom Message for the Login Screen Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.9 Ensure an Administrator Password Is Required to Access System-Wide Preferences | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.10 Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.8.1 Ensure Wake for Network Access Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.8.3 Ensure Power Nap Is Disabled for Intel Macs | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.10.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.12.1 Ensure Users' Accounts Do Not Have a Password Hint | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.15.1 Audit Notification Settings | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_max | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure Access to Audit Records Is Controlled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure Access to Audit Records Is Controlled - /etc/security/audit_control | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Ensure NFS Server Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure NFS Server Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure NFS Server Is Disabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.5 Ensure No World Writable Files Exist in the System Folder | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6 Ensure No World Writable Folders Exist in the System Folder | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.2 Ensure Password Minimum Length Is Configured | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure all user storage APFS volumes are encrypted | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL |
| 5.6 Ensure the "root" Account Is Disabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.7 Ensure an Administrator Account Cannot Log In to Another User's Active and Locked Session | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL |
| 6.1.1 Ensure Login Window Displays as Name and Password Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.2 Ensure Show Password Hints Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.4 Ensure Guest Access to Shared Folders Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.5 Ensure the Guest Home Folder Does Not Exist | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.3.7 Ensure Show Full Website Address in Safari Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.7 Ensure Show Full Website Address in Safari Is Enabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.7 Ensure Show Full Website Address in Safari Is Enabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4.1 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.4.1 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
