| 1.4 Enable system data files and security update installs - ConfigDataInstall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Disable Bluetooth, if no paired devices exist | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
| 2.2.1 Enable "Set time and date automatically" | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Restrict NTP server to loopback interface | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | ACCESS CONTROL |
| 2.3.4 Set a screen corner to Start Screen Saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 2.4.2 Disable Internet Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1 Enable FileVault - Encryption Type | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6 Enable Location Services | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure ftp server is not running | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Complex passwords must contain an Alphabetic Character | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.5 Complex passwords must contain a Symbolic Character | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4 Automatically lock the login keychain for inactivity | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Do not enable the "root" account | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.9 Require a password to wake the computer from sleep or screen saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.13 Create a Login window banner | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | ACCESS CONTROL |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.2 iSight Camera Privacy and Confidentiality Concerns | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.4 Software Inventory Considerations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.5 Firewall Consideration | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000195 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system - 'Banner file' | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-13-000240 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000295 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000505 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000510 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000521 - The macOS system must be configured to disable the system preference pane for Internet Accounts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000522 - The macOS system must be configured to disable the system preference pane for Siri. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000554 - The macOS system must not have a guest account - Guest account | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000555 - The macOS system must unload tftpd. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000556 - The macOS system must disable Siri pop-ups. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000560 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000561 - The macOS system must disable iCloud Photo Library - allowCloudPhotoLibrary | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000562 - The macOS system must disable iCloud Desktop And Documents. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000585 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000587 - The macOS system must enforce password complexity by requiring that at least one special character be used. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000605 - The macOS system must not use telnet. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-13-000710 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000722 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
