Item Search

Name	Audit Name	Plugin	Category
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND INFORMATION INTEGRITY
1.5 Enable OS X update installs	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND INFORMATION INTEGRITY
2.1.1 Disable Bluetooth, if no paired devices exist	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix
2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
2.7.3 iCloud Drive	CIS Apple OSX 10.10 Yosemite L2 v1.2.0	Unix
2.8.2 Time Machine Volumes Are Encrypted	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 1'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	AUDIT AND ACCOUNTABILITY
4.2 Enable 'Show Wi-Fi status in menu bar'	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
4.5 Ensure ftp server is not running	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
5.1.1 Secure Home Folders	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	CONFIGURATION MANAGEMENT
5.1.4 Check System folder for world writable files	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.1.5 Check Library folder for world writable files	CIS Apple OSX 10.10 Yosemite L2 v1.2.0	Unix	ACCESS CONTROL
5.2.1 Configure account lockout threshold	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.2.2 Set a minimum password length	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.2.8 Password History	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.3 Reduce the sudo timeout period	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.12 Create a custom message for the Login Screen	CIS Apple OSX 10.10 Yosemite L1 v1.2.0	Unix	ACCESS CONTROL
5.18 Install an approved tokend for smartcard authentication	CIS Apple OSX 10.10 Yosemite L2 v1.2.0	Unix
AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tl-corner	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	ACCESS CONTROL
AOSX-13-000010 - The macOS system must initiate a session lock after a 15-minute period of inactivity.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	ACCESS CONTROL
AOSX-13-000090 - The macOS system must be configured with automatic actions disabled for blank DVDs.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000095 - The macOS system must be configured with automatic actions disabled for music CDs.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000100 - The macOS system must be configured with automatic actions disabled for picture CDs.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE
AOSX-13-000139 - The macOS system must be configured to disable SMB File Sharing unless it is required.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000155 - The macOS system firewall must be configured with a default-deny policy.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT
AOSX-13-000338 - The macOS system must be configured so that log folders must not contain access control lists (ACLs).	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	AUDIT AND ACCOUNTABILITY
AOSX-13-000510 - The macOS system must be configured to disable iCloud Address Book services.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000551 - The macOS system must disable the Touch ID feature.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
AOSX-13-000850 - The macOS system must restrict the ability of individuals to use USB storage devices - alert	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-000975 - The macOS system must be configured to disable Remote Apple Events.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-001080 - The macOS Application Firewall must be enabled.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-001130 - The macOS system must be configured so that users do not have Apple IDs signed into iCloud.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-001140 - The macOS system must be configured with iTunes Music Sharing disabled.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-001220 - The macOS system must not process Internet Control Message Protocol [ICMP] timestamp requests.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-002060 - The macOS system must be integrated into a directory services infrastructure.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	CONFIGURATION MANAGEMENT
AOSX-13-002085 - The macOS system must enforce a 60-day maximum password lifetime restriction.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	IDENTIFICATION AND AUTHENTICATION
AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	IDENTIFICATION AND AUTHENTICATION
AOSX-13-002105 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - asl	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	SYSTEM AND INFORMATION INTEGRITY
AOSX-13-002106 - The macOS system must be configured with system log files set to mode 640 or less permissive - asl	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	SYSTEM AND INFORMATION INTEGRITY
AOSX-13-067035 - The macOS system must enable certificate for smartcards.	DISA STIG Apple Mac OSX 10.13 v2r5	Unix	IDENTIFICATION AND AUTHENTICATION
AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - ChallengeResponseAuthentication	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	IDENTIFICATION AND AUTHENTICATION, MAINTENANCE
AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - enforceSmartCard	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	IDENTIFICATION AND AUTHENTICATION, MAINTENANCE
AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	IDENTIFICATION AND AUTHENTICATION, MAINTENANCE
AOSX-15-003052 - The macOS system must be configured so that the sudo command requires smart card authentication.	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	CONFIGURATION MANAGEMENT
AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - Newsyslog	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	SYSTEM AND INFORMATION INTEGRITY
AOSX-15-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	CONFIGURATION MANAGEMENT
AOSX-15-005051 - The macOS system must restrict the ability to utilize external writable media devices.	DISA STIG Apple Mac OSX 10.15 v1r10	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search