| AOSX-13-000006 - The macOS system must be configured to disable hot corners - wvous-bl-corner | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000030 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-13-000050 - The macOS system must be configured to disable rshd service. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000075 - The macOS system must be configured with Infrared [IR] support disabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000085 - The macOS system must be configured with automatic actions disabled for blank CDs. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000140 - The macOS system must be configured to disable Apple File (AFP) Sharing. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000143 - The macOS system must be configured to disable the Network File System (NFS) stat daemon unless it is required. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-13-000430 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000517 - The macOS system must be configured to disable the iCloud Notes services. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000520 - The macOS system must be configured to disable the system preference pane for iCloud. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000552 - The macOS system must obtain updates from a DoD-approved update server. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000554 - The macOS system must not have a guest account - Guest account | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000554 - The macOS system must not have a guest account - Guest fdesetup | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000555 - The macOS system must unload tftpd. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000558 - The macOS system must disable iCloud Keychain synchronization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000561 - The macOS system must disable iCloud Photo Library - com.apple.preferences.icloud | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000605 - The macOS system must not use telnet. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000925 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001110 - The macOS system must be configured with all public directories owned by root or an application account. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001195 - The macOS system must not accept source-routed IPv4 packets. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001270 - The macOS system must be configured to disable Internet Sharing. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-001325 - The macOS system must enforce account lockout after the limit of three consecutive invalid logon attempts by a user. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-001327 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-002107 - The macOS system must be configured with access control lists (ACLs) for system log files to be set correctly - asl | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-030014 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-14-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-15-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002002 - The macOS system must be configured to disable Apple File (AFP) Sharing. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002008 - The macOS system must be configured to disable Web Sharing. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002020 - The macOS system must be configured to disable Siri and dictation - Assistant Allowed | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002020 - The macOS system must be configured to disable Siri and dictation - Ironwood Allowed | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002023 - The macOS system must be configured to disable the application Calendar. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002032 - The macOS system must be configured to disable the system preference pane for Internet Accounts - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetooth | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - Access Control List | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory groups | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissions | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public Access Control Lists | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used - minComplexChars | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003012 - The macOS system must be configured to prevent displaying password hints. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003051 - The macOS system must be configured so that the su command requires smart card authentication. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
