| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000014 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) - Network Time On | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-000014 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) - Network Time Server | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked - minutesUntilFailedLoginReset | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-000033 - The macOS system must be configured to disable password forwarding for FileVault2. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fr | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fw | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002006 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002020 - The macOS system must be configured to disable Siri and dictation - Assistant Allowed | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002039 - The macOS system must be configured to disable the Siri Setup services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002041 - The macOS system must disable iCloud document synchronization. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002053 - The macOS system must be configured to disable the system preference pane for Siri - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencesPanes | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencesPanes | DISA STIG Apple macOS 11 v1r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - Access Control List | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User directory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Public permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - asl | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableStealthMode | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000023 - The macOS system must display the Standard Mandatory DOD Notice and Consent Banner before granting remote access to the operating system. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-001014 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-13-001016 - The macOS system must be configured with audit log files set to mode 440 or less permissive. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-13-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
