| AOSX-13-000590 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000780 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000835 - The macOS system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously where HBSS is used; 30 days for any additional internal network scans not covered by HBSS; and annually for external scans by Computer Network Defense Service Provider (CNDSP). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000862 - The macOS system must be configured to not allow iTunes file sharing. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000930 - The macOS system logon window must be configured to prompt for username and password, rather than show a list of users. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000950 - The macOS firewall must have logging enabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000965 - The macOS system must be configured with Bluetooth Sharing disabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000995 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001125 - The macOS system must be configured with the prompt for Apple ID and iCloud disabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001145 - All setuid executables on the macOS system must be documented. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001324 - The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-001465 - The macOS system must use a DoD antivirus program. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-002106 - The macOS system must be configured with system log files set to mode 640 or less permissive - newsyslog | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-362149 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000007 - The macOS system must be configured to disable hot corners - bottom left | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner file | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - DisableFDEAutologin | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - FileVault User | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD service disabled | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-14-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001013 - The macOS system must be configured with audit log folders owned by root. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-14-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-002020 - The macOS system must be configured to disable Siri and dictation - Ironwood Allowed | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002032 - The macOS system must be configured to disable the system preference pane for Internet Accounts - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002038 - The macOS system must be configured to disable the tftpd service. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002054 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - Access Control List | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public permissions | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-003002 - The macOS system must enable certificate for smartcards. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | MAINTENANCE |
| AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | MAINTENANCE |
| AOSX-14-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-14-004020 - The macOS system must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-005050 - The macOS Application Firewall must be enabled. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
