| 2.6.7 Audit Lockdown Mode | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| PHTN-67-000001 - The Photon operating system must audit all account creations - groupadd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000003 - The Photon operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting SSH access - content | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000009 - The Photon operating system must configure sshd to use approved encryption algorithms. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000012 - The Photon operating system must be configured to audit the execution of privileged functions - gid 32 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-67-000012 - The Photon operating system must be configured to audit the execution of privileged functions - uid 32 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-67-000014 - The Photon operating system audit log must attempt to log audit failures to syslog - disk_full_action | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000018 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur - uid 64 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000026 - The Photon operating system must store only encrypted representations of passwords. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000033 - The Photon operating system must disable the loading of unnecessary kernel modules - dccp | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000033 - The Photon operating system must disable the loading of unnecessary kernel modules - decnet | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000033 - The Photon operating system must disable the loading of unnecessary kernel modules - rds | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000033 - The Photon operating system must disable the loading of unnecessary kernel modules - tipc | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000038 - The Photon operating system must configure sshd to disconnect idle SSH sessions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000041 - The Photon operating system /var/log directory must be owned by root. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000042 - The Photon operating system messages file must be owned by root. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000043 - The Photon operating system messages file must have mode 0640 or less permissive. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000045 - The Photon operating system must audit all account modifications - shadow | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000047 - The Photon operating system must audit all account removal actions - userdel | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000050 - The Photon operating system audit files and directories must have correct permissions - auditd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000050 - The Photon operating system audit files and directories must have correct permissions - aureport | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - auditctl | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000054 - The Photon operating system must set an inactivity timeout value for non-interactive sessions - duration | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000054 - The Photon operating system must set an inactivity timeout value for non-interactive sessions - export | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000058 - The Photon operating system must configure auditd to keep five rotated log files. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000060 - The Photon operating system must configure auditd to log space limit problems to syslog. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000064 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000065 - The Photon operating system must require users to reauthenticate for privilege escalation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000071 - The Photon operating system must generate audit records when the sudo command is used. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - lastlog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000079 - The Photon operating system must ensure root $PATH entries are appropriate. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000086 - The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000090 - The Photon operating system must configure sshd to disallow compression of the encrypted session stream. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000091 - The Photon operating system must configure sshd to display the last login immediately after authentication. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000093 - The Photon operating system must configure sshd to ignore user-specific known_host files. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000095 - The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line - masked | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000096 - The Photon operating system must be configured so that the /etc/skel default scripts are protected from unauthorized modification - bash_logout | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000097 - The Photon operating system must be configured so that the /root path is protected from unauthorized access. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000098 - The Photon operating system must be configured so that all global initialization scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000103 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification - cron.d | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv4.conf.default.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv4.conf.eth0.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv6.conf.eth0.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000115 - The Photon operating system must be configured to protect the SSH public host key from unauthorized modification. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000117 - The Photon operating system must enforce password complexity on the root account. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000120 - The Photon operating system must protect all sysctl configuration files from unauthorized access. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000123 - The Photon operating system must configure sshd to disallow HostbasedAuthentication. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
