| 1.6 Ensure Install Security Responses and System Files Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Ensure Install Security Responses and System Files Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Ensure Install Security Responses and System Files Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Ensure Install Security Responses and System Files Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.8 Ensure 'Attachment Filtering Agent' is configured | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.4.8 Ensure File Sharing Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| APPL-11-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000004 - The macOS system must initiate a session lock after a 15-minute period of inactivity. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000007 - The macOS system must be configured to disable hot corners - top right | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000031 - The macOS system must be configured so that log folders must not contain access control lists (ACLs). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001016 - The macOS system must be configured with audit log files set to mode 440 or less permissive. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fm | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002020 - The macOS system must be configured to disable Siri and dictation - Ironwood Allowed | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002043 - The macOS system must disable iCloud photo library. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetooth | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableStealthMode | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005051 - The macOS system must restrict the ability of individuals to use USB storage devices. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-13-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002020 - The macOS system must be configured to disable Siri and dictation. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002038 - The macOS system must be configured to disable the "tftp" service. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-002041 - The macOS system must disable iCloud Document synchronization. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002043 - The macOS system must disable the iCloud Photo Library. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002051 - The macOS system must be configured to disable the system preference pane for TouchID and Password. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-005051 - The macOS system must restrict the ability of individuals to use USB storage devices. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-005054 - The macOS system must be configured to disable prompts to configure Touch ID. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
