Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Verify all Apple provided software is currentCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.3 Enable app update installsCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.4 Enable system data files and security update installs - ConfigDataInstallCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Disable Bluetooth, if no paired devices existCIS Apple OSX 10.9 L1 v1.3.0Unix
2.2.1 Enable "Set time and date automatically"CIS Apple OSX 10.9 L2 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure time set is within appropriate limitsCIS Apple OSX 10.9 L1 v1.3.0Unix

CONFIGURATION MANAGEMENT

2.2.3 Restrict NTP server to loopback interfaceCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Secure screen saver corners - bottom left cornerCIS Apple OSX 10.9 L2 v1.3.0Unix

ACCESS CONTROL

2.3.4 Set a screen corner to Start Screen SaverCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

2.4.2 Disable Internet SharingCIS Apple OSX 10.9 L1 v1.3.0Unix

CONFIGURATION MANAGEMENT

2.5.1 Disable "Wake for network access"CIS Apple OSX 10.9 L2 v1.3.0Unix

ACCESS CONTROL

2.5.2 Disable sleeping the computer when connected to powerCIS Apple OSX 10.9 L2 v1.3.0Unix

ACCESS CONTROL

2.6.1 Enable FileVault - Encryption TypeCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.4 Enable Firewall Stealth ModeCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.6 Enable Location ServicesCIS Apple OSX 10.9 L2 v1.3.0Unix

CONFIGURATION MANAGEMENT

2.8.1 Time Machine Auto-BackupCIS Apple OSX 10.9 L2 v1.3.0Unix

CONTINGENCY PLANNING

2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none'CIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

2.11 Java 6 is not the default Java runtimeCIS Apple OSX 10.9 L2 v1.3.0Unix

CONFIGURATION MANAGEMENT

2.12 Configure Secure Empty TrashCIS Apple OSX 10.9 L2 v1.3.0Unix

CONFIGURATION MANAGEMENT

3.1.1 Retain system.log for 90 or more daysCIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

3.1.3 Retain authd.log for 90 or more daysCIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes'CIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events'CIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events'CIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events'CIS Apple OSX 10.9 L1 v1.3.0Unix

AUDIT AND ACCOUNTABILITY

4.1 Disable Bonjour advertising serviceCIS Apple OSX 10.9 L2 v1.3.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure ftp server is not runningCIS Apple OSX 10.9 L1 v1.3.0Unix

CONFIGURATION MANAGEMENT

5.1.2 Repair permissions regularly to ensure binaries and other System files have appropriate permissionsCIS Apple OSX 10.9 L1 v1.3.0Unix

CONFIGURATION MANAGEMENT

5.1.3 Check System Wide Applications for appropriate permissionsCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.1.4 Check System folder for world writable filesCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.2.1 Configure account lockout thresholdCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.2.3 Complex passwords must contain an Alphabetic CharacterCIS Apple OSX 10.9 L1 v1.3.0Unix

IDENTIFICATION AND AUTHENTICATION

5.2.5 Complex passwords must contain a Symbolic CharacterCIS Apple OSX 10.9 L1 v1.3.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4 Automatically lock the login keychain for inactivityCIS Apple OSX 10.9 L2 v1.3.0Unix

IDENTIFICATION AND AUTHENTICATION

5.5 Ensure login keychain is locked when the computer sleepsCIS Apple OSX 10.9 L2 v1.3.0Unix

IDENTIFICATION AND AUTHENTICATION

5.7 Do not enable the "root" accountCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.9 Require a password to wake the computer from sleep or screen saverCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.12 Create a custom message for the Login ScreenCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

5.13 Create a Login window bannerCIS Apple OSX 10.9 L2 v1.3.0Unix

ACCESS CONTROL

5.15 Disable Fast User SwitchingCIS Apple OSX 10.9 L2 v1.3.0Unix

ACCESS CONTROL

6.1.3 Disable guest account loginCIS Apple OSX 10.9 L1 v1.3.0Unix

ACCESS CONTROL

6.2 Turn on filename extensionsCIS Apple OSX 10.9 L1 v1.3.0Unix

SYSTEM AND INFORMATION INTEGRITY

7.2 iSight Camera Privacy and Confidentiality ConcernsCIS Apple OSX 10.9 L2 v1.3.0Unix
7.4 Software Inventory ConsiderationsCIS Apple OSX 10.9 L2 v1.3.0Unix
7.5 Firewall ConsiderationCIS Apple OSX 10.9 L2 v1.3.0Unix
AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image.DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner file'DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL

AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).DISA STIG Apple Mac OSX 10.13 v2r5Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY