| APPL-11-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000007 - The macOS system must be configured to disable hot corners - bottom left | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000007 - The macOS system must be configured to disable hot corners - top right | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked - maxFailedAttempts | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fd | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-002003 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002020 - The macOS system must be configured to disable Siri and dictation - Assistant Allowed | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002023 - The macOS system must be configured to disable the application Calendar. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002038 - Apple macOS must be configured to disable the tftp service. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002040 - The macOS system must disable iCloud Keychain synchronization. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002042 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002043 - The macOS system must disable iCloud photo library. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002053 - The macOS system must be configured to disable the system preference pane for Siri - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisableBluetooth | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - HiddenPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Access Control Lists | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002069 - The macOS system must authenticate peripherals before establishing a connection. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003010 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableStealthMode | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005051 - The macOS system must restrict the ability of individuals to use USB storage devices. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-000002 - The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-13-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-13-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002020 - The macOS system must be configured to disable Siri and dictation. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002038 - The macOS system must be configured to disable the "tftp" service. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-002041 - The macOS system must disable iCloud Document synchronization. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002043 - The macOS system must disable the iCloud Photo Library. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002051 - The macOS system must be configured to disable the system preference pane for TouchID and Password. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 13 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
