| 1.1 APPL-14-000001 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.74 APPL-14-002021 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.109 APPL-14-002210 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.145 APPL-14-005056 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 1. | DISA STIG Apple macOS 12 v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | DISA STIG Apple macOS 12 v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-001016 - The macOS system must be configured with audit log files set to mode 440 or less permissive. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-002003 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002004 - The macOS system must be configured to disable Location Services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002009 - The macOS system must be configured to disable AirDrop. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002016 - The macOS system must be configured to disable the iCloud Notes services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive. | DISA STIG Apple macOS 12 v1r9 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-12-005051 - The macOS system must restrict the ability to utilize external writeable media devices. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| APPL-12-005060 - The macOS system must be configured to prevent password proximity sharing requests from nearby Apple Devices. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-005058 - The macOS system must be configured to prevent activity continuation between Apple devices. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-000001 - The macOS system must prevent Apple Watch from terminating a session lock. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL |
| APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-14-002210 - The macOS system must disable sending Siri and Dictation information to Apple. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-005056 - The macOS system must disable Unlock with Apple Watch during Setup Assistant. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-000001 - The macOS system must prevent Apple Watch from terminating a session lock. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | ACCESS CONTROL |
| APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-002052 - The macOS system must disable the System Settings pane for Wallet and Apple Pay. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002210 - The macOS system must disable sending Siri and Dictation information to Apple. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-005056 - The macOS system must disable Unlock with Apple Watch during Setup Assistant. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-000001 - The macOS system must prevent Apple Watch from terminating a session lock. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | ACCESS CONTROL |
| APPL-26-002021 - The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-26-002035 - The macOS system must disable Apple ID setup during Setup Assistant. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-002210 - The macOS system must disable sending Siri and Dictation information to Apple. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-005056 - The macOS system must disable Unlock with Apple Watch during Setup Assistant. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-005170 - The macOS system must disable Apple Intelligence during Setup Assistant. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Enforce Apple Mobile File Integrity | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Enforce Apple Mobile File Integrity | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Enforce Apple Mobile File Integrity | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Enforce Apple Mobile File Integrity | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
