| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-tr-corner | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000007 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000025 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000105 - The macOS system must be configured with automatic actions disabled for video DVDs. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000187 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000200 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000333 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000337 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000507 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000518 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000523 - The macOS system must be configured to disable Siri and dictation. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000545 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000550 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000560 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000561 - The macOS system must disable iCloud Photo Library - allowCloudPhotoLibrary | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000587 - The macOS system must enforce password complexity by requiring that at least one special character be used. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000590 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000780 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000835 - The macOS system must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously where HBSS is used; 30 days for any additional internal network scans not covered by HBSS; and annually for external scans by Computer Network Defense Service Provider (CNDSP). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000862 - The macOS system must be configured to not allow iTunes file sharing. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000930 - The macOS system logon window must be configured to prompt for username and password, rather than show a list of users. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000020 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001014 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002031 - The macOS system must be configured to disable the system preference pane for iCloud. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-002040 - The macOS system must disable iCloud Keychain synchronization. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002041 - The macOS system must disable iCloud document synchronization. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002050 - The macOS system must disable the Screen Sharing feature. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002060 - The macOS system must allow only applications that have a valid digital signature to run - SPApplicationsDataType | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003050 - The macOS system must be configured so that the login command requires smart card authentication. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - Newsyslog | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-005050 - The macOS Application Firewall must be enabled. - EnableStealthMode | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| DISA_STIG_Apple_macOS_12_v1r9.audit from DISA Apple macOS 12 (Monterey) v1r9 STIG | DISA STIG Apple macOS 12 v1r9 | Unix | |
