| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| APPL-12-000031 - The macOS system must be configured so that log folders must not contain access control lists (ACLs). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less. | DISA STIG Apple macOS 12 v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-12-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-002001 - The macOS system must be configured to disable SMB File Sharing unless it is required. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002006 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002007 - The macOS system must be configured to disable Internet Sharing. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002008 - The macOS system must be configured to disable Web Sharing. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002020 - The macOS system must be configured to disable Siri and dictation. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002036 - The macOS system must be configured to disable the Privacy Setup services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-002040 - The macOS system must disable iCloud Keychain synchronization. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002042 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002043 - The macOS system must disable iCloud photo library. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002050 - The macOS system must disable the Screen Sharing feature. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002053 - The macOS system must be configured to disable the system preference pane for Siri. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-002069 - The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003009 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003010 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003012 - The macOS system must be configured to prevent displaying password hints. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-003013 - The macOS system must be configured with a firmware password to prevent access to single user mode and booting from alternative media. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003050 - The macOS system must be configured so that the login command requires smart card authentication. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-003051 - The macOS system must be configured so that the su command requires smart card authentication. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005050 - The macOS Application Firewall must be enabled. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005052 - The macOS system logon window must be configured to prompt for username and password, rather than show a list of users. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005053 - The macOS system must restrict the ability of individuals to write to external optical media. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005056 - The macOS system must be configured to disable promts to configure Unlock with Watch. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005058 - The macOS system must be configured to prevent activity continuation between Apple Devices. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Enforce Apple Mobile File Integrity | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Enforce Apple Mobile File Integrity | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Enforce Apple Mobile File Integrity | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Enforce Apple Mobile File Integrity | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | SYSTEM AND INFORMATION INTEGRITY |
