2025-11-03 - 2026-02-03
Overview
4 Releases published by 1 user
Published
tahoe_rev2
Published
sequoia_rev4
Published
visionos26_rev2
Published
ios26_rev2
312 Issues closed from 1 user
Closed
#329 profile_generator.py - All baselines use the same 'mobileconfigs' directory
Closed
#328 Consider adding a mapping for Common Criteria GPOS 4.2.1
Closed
#330 Suggest mapping to the NCSC CyberEssentials
Closed
#332 Baselines path incorrect in Wiki documentation
Closed
#333 Baseline names should be more descriptive.
Closed
#331 Consider adding an 800-171 baseline
Closed
#327 Suggest mapping to the ACSC ISM
Closed
#325 Setting for TimeServer
Closed
#326 sysprefs_ad_tracking_disable check
Closed
#323 Filename tweak
Closed
#322 Missing full paths
Closed
#324 Additional rule Disable Improve Siri & Dictation
Closed
#320 Overwriting baseline files
Closed
#319 profile_generator.py doesn't work unless you change directory to the "scripts" directory first
Closed
#321 rules listed in the wrong section in baselines
Closed
#318 sysprefs_diagnostics_reports_disable
Closed
#313 sysprefs_find_my_disable
Closed
#314 Concurrent session limit for SSH is not working
Closed
#317 Consider adding a GLBA baseline
Closed
#316 os_camera_disable
Closed
#315 os_siri_prompt_disable
Closed
#310 Option to sign generated profiles please!
Closed
#312 Add a default value / Arg to generate_script
Closed
#311 Generate Guidance script - excel export
Closed
#307 Check for Apple Mobile File Integrity
Closed
#305 cross reference for how rules are implemented in a tool
Closed
#306 audit_events Sandbox violations
Closed
#304 custom reference data should be displayed in generated documents and spreadsheet
Closed
#309 Check for Library Validation
Closed
#308 Option to generate plists for custom configuration profiles
Closed
#299 Cleanup references
Closed
#298 metadata subsection to track changes in customized rules
Closed
#301 os_mdm_require.yaml needs to be updated for macOS 11
Closed
#300 CJIS Baseline
Closed
#302 Re-Map os_guest_account_disable
Closed
#303 Fix language in os_certificate_authority_trust
Closed
#297 Definition of exemption
Closed
#295 add (sub)subtitles for the documentation.
Closed
#296 fixtext commands are broken; have newline chars instead of spaces
Closed
#289 Creation of the Excel doc with Custom references, adds extra rows while the name is the same
Closed
#294 Missing result for this test
Closed
#293 Fix audit_files_(group/mode/owner)_configure
Closed
#292 Use domain-specific naming in 'PayloadDisplayName' key of configuration profiles
Closed
#291 mobileconfig creation ignores exempt preferences settings
Closed
#290 os_sshd_key_exchange_algorithm_configure.yaml does not have a fallback to adding the relevant line
Closed
#284 Rule - os_facetime_app_disable.yaml - STIG ID is listed as ASOX-14-002010. It should be APPL-11-002010
Closed
#286 os_guest_access_smb_disable
Closed
#285 Rule - os_filevault_user_account - Change needed for Apple silicon
Closed
#283 Add "all_rules" to generate_baseline.py -l
Closed
#287 os_airdrop_disable check and remediation are inconsistent
Closed
#288 audit_flags_fm_configure
Closed
#282 audit_control policy cnt vs ahlt
Closed
#281 auth_ssh_smartcard_enforce rename
Closed
#280 Prevent fixes when not needed
Closed
#277 big_sur branch has two rules that claim to be APPL-11-000001
Closed
#278 git clone is broken
Closed
#274 ASOX is not a normal STIG ID
Closed
#275 mismatch between STIG rules and current version for big_sur branch
Closed
#276 compliance_count function in generated guidance script does not correctly count findings
Closed
#279 custom rule that sets mobileconfig: false still ends up creating a .mobileprofile file
Closed
#269 Directory services integration test returns multiple values
Closed
#270 Add sections for project and local site authors to custom baselines
Closed
#271 Tag and Compliance Script check for Intel vs Apple Silicon
Closed
#273 setting pwpolicy_file
Closed
#272 Errors generating CIS compliance profiles
Closed
#268 14.3. Password Policy Supplemental duplicate entry?
Closed
#266 Firmware password check does not work on Apple Silicon-based machines.
Closed
#267 Sudoers authenticate on per -tty basis
Closed
#265 Mobileconfig profiles do not honor compliance script exemptions
Closed
#259 STIG Big_Sure os_ESS_installed
Closed
#264 Compliance script run with --fix does not apply fixes unless --check was run first
Closed
#262 baseline compliance script output to Unified Logging
Closed
#260 ChallengeResponseAuthentication not present in macOS Monterey
Closed
#261 JXA Checks are causing the generated baseline_compliance.sh to break
Closed
#263 sysprefs_wifi_disable.yaml ignored for STIG compliance
Closed
#258 os_sudo_timeout_configure adjust check for possible spaces
Closed
#257 time server enforcement values possibly deprecated.
Closed
#256 (dev_monterey) os_install_log_retention_policy and audit_flags_configure not remediating
Closed
#252 Duplicate security controls and missing reference values in
Closed
#254 mismatched test and remediate for Monterey os_blank_bluray_disable.yaml
Closed
#255 Disable Siri prefpane
Closed
#253 mismatched test and mobileconfig for Monterey os_burn_support_disable
Closed
#248 os_sudoers_tty_configure.yaml check and fix don't work
Closed
#249 missing EOS in some rules
Closed
#251 Add an "id:" tag to the baseline .yaml files for easier distinction between baselines versus using the "title:" tag
Closed
#247 Modify the arg checking to suit Jamf Pro policies
Closed
#250 remediation for os_policy_banner_loginwindow_enforce creates a wrongly named directory
Closed
#244 Test Rule 2
Closed
#241 Stats Reporting Incorrect
Closed
#243 Removing a rule from guidance will not remove the rule from audit file
Closed
#242 audit_retention_configure_sixty_days remediation not getting picked up by Jamf Protect insights
Closed
#245 Test screensaver timeout
Closed
#246 TOC not being generated when asciidoctor-pdf 2.0.x is installed
Closed
#239 Remove requirement for admin prompt when install ruby gems
Closed
#238 os_software_update_deferral gives fails finding if 'enforcedSoftwareUpdateDelay' key is not set
Closed
#240 pwpolicy_account_lockout_enforce should check if value is less than or equal
Closed
#234 Update sshd Checks
Closed
#237 Add an option to view a description of rules when creating a tailored baseline
Closed
#236 Make Configuration Profile Display Names specific to payload
Closed
#235 os_recovery_lock_enable has incorrect key
Closed
#233 rules/os/os_library_validation_enabled.yaml fails with: "run_fix:242: command not found: This"
Closed
#232 sysprefs_software_update_app_update_enforce
Closed
#230 Ummm, HOWTO
Closed
#229 sysprefs_screensaver_ask_for_password_delay_enforce not remediated
Closed
#231 os_hibernate_mode_enable: remediation is not effective
Closed
#227 Disabled launchctl reports incorrectly (Ventura)
Closed
#226 Generate_baseline -t crash
Closed
#228 Format problem in remediation of a number of 'os' section rules
Closed
#225 Modify sysprefs_siri_disable to use "com.apple.assistant.support" instead of "com.apple.ironwood.support"
Closed
#223 ODV - Parent value not being applied properly
Closed
#224 sysprefs_system_wide_preferences_configure shared key doesn't exist on some systems
Closed
#221 Profiles with multiple disabled Pref Panes keys not detected
Closed
#222 Big Sur Compliance Script Error
Closed
#220 Fix CIS mappings from new draft
Closed
#217 os_sshd_permit_root_login_configure code fails to run the validation script
Closed
#219 Rules missing 800-53 references
Closed
#218 icloud_appleid_system_settings_disable checking script seems to be returning inconsistent data
Closed
#216 auth_ssh_password_authentication_disable needs to be updated for Ventura
Closed
#215 JCE CIS Level 1 Rules are showing 2.9.3 (Level 2)
Closed
#213 system_settings_ssh_enable check
Closed
#214 system_settings_system_wide_preferences_configure for loop syntax
Closed
#212 os_sshd_fips_compliant remediate issue
Closed
#211 os_sshd_key_exchange_algorithm_configure detection issue
Closed
#207 How to run macOS security compliance script on multiple mac devices using workspaceone MDM
Closed
#205 os_sshd_permit_root_login_configure remediation code appends "permitrootlogin no"
Closed
#210 Generated compliance script debug mode
Closed
#206 Consider creating a rule that turns off Xcode Ads for Xcode Cloud
Closed
#208 os_install_log_retention_configure
Closed
#209 os_hibernate_mode_enable Missing hibernatemode (and spelling error)
Closed
#202 generate_baseline.py crash with custom baselines
Closed
#204 Rogue Highlighter 4.0.0 is not compatible with built-in Ruby
Closed
#203 DisableGuestAccount/EnableGuestAccount key
Closed
#201 system_settings_time_machine_encrypted_configure.yaml incorrect tag for CIS
Closed
#196 handful of settings aren't "fixed" by compliance script
Closed
#200 Include check that FileVault cannot be disabled in system_settings_filevault_enforce or create new rule to check
Closed
#199 os_hibernate_mode_enable: Standby setting for Apple silicon is incorrect
Closed
#197 where is the page that describes how to install these ?
Closed
#198 USB Restricted Mode
Closed
#195 Tweak SSH rules for FIPS 186-5 addition of curve25519-sha256
Closed
#194 JAMF integration?
Closed
#193 checking for authenticated-root hangs forever when multiple OSes are available
Closed
#190 Create a script who doesn't need answer to fix non compliant settings
Closed
#191 Add Safari rules for Monterey (CIS)
Closed
#192 Set rules with pathBlackList to deprecated
Closed
#184 Script should explicitly set LANG=C to avoid problems with localized output
Closed
#189 Add command to remove uchg flag from /etc/security/audit_control
Closed
#185 forceInternetSharingOff is failing check, but the key is set in com.apple.MCX
Closed
#186 os_anti_virus_installed returns unexpected result ('integer': 3)
Closed
#188 Scutil is referenced without full path
Closed
#187 os_secure_boot_verify - bputil
Closed
#182 sshd checks sometimes fail for reasons other than the rule
Closed
#183 Checks adding to /etc/sudoers.d directory fail on fresh 13.3 installs
Closed
#181 generate_scap crash
Closed
#180 Asciidoctor-pdf 2.3.6 [undefined method `absolute_path?' for File:Class] error
Closed
#177 sshd banner check and fix
Closed
#176 clientalivecountmax and clientaliveinterval
Closed
#179 Provide indication of whether each Guideline corresponds to Apple's default setting
Closed
#178 Using "heredoc" Breaks Commands
Closed
#173 Ventura firewall mobileconfig fails to install
Closed
#175 Rule 7.7 Secure User's Home Folder is not reporting correctly
Closed
#172 os_policy_banner_ssh_configure fails on Ventura even after remediation
Closed
#174 compliance script should be able to say which rules fail
Closed
#171 firmware password requirement not applicable to Apple silicon according to STIG
Closed
#170 Compliance percentage incorrect when exempted rules pass
Closed
#169 os_anti_virus_installed rule
Closed
#167 Application Layer Firewall new check required
Closed
#163 Computers that fail os_time_offset_limit_configure
Closed
#166 Remediations on audit_control cause chaos if file is missing
Closed
#168 Fraudulent typo
Closed
#164 Sonoma - sshd config updates
Closed
#165 com.apple.locationmenu missing from supported_payloads
Closed
#162 CIS Manual Recommendations not generating properly
Closed
#161 Indicate manual rules that are included in the baseline
Closed
#160 Compliance percentage incorrect when exempted rules pass #267 “best practice!!!
Closed
#154 os_install_log_retention_configure - remediation does not match check
Closed
#155 CIS Lvl 1 6.1.1 failing false positives
Closed
#159 submit profiles by CIS section vs functionality section
Closed
#157 Generate recommendations Python script relies on very out of date Ruby gems
Closed
#158 Monterey 800-171 .GlobalPreferences settings mobile config not importing into JAMF
Closed
#156 Wiki Compliance Script typo
Closed
#151 audit_retention_configure fails to edit the /etc/security/audit_control file
Closed
#153 os_anti_virus_installed errors: Load Failed 5 (Sonoma)
Closed
#152 audit_flags_fm_configure fails in dev_sonoma because of the ^fm
Closed
#148 Configuration Profile -locationmenu not working
Closed
#149 os_sshd_unused_connection_timeout_configure for dev_sonoma typo error
Closed
#150 icloud_appleid_system_settings_disable (dev_sonoma) refers to deprecated domain
Closed
#147 pwpolicy_account_lockout_enforce issues with Sonoma
Closed
#145 os_safari_javascript_enabled not detected properly
Closed
#144 Configuration Profile Generation
Closed
#142 os_recovery_lock_enable should not have a manual tag
Closed
#143 feat: support syspolicy_check a new feature in Sonoma to determine if the provided macOS application will pass the current running configurations’ system policy.
Closed
#146 Suppress Script Output Option
Closed
#140 iCloud privacy relay disable not working
Closed
#141 os_gatekeeper_enable - Sonoma - Misconfiguration
Closed
#139 Space missing in $CURRENT_USER code in adoc files
Closed
#138 build/cis_lvl1/cis_lvl1_compliance.sh: line 6359: syntax error near unexpected token `fi'
Closed
#137 Add baseline tags to supplemental rules
Closed
#133 Different payload type for system_settings_screensaver_timeout_enforce
Closed
#136 Bug: syslog daemon changes break its usage on macOS 10.13 and above
Closed
#135 Remove multiple NTP servers from system_settings_time_server_configure.yaml
Closed
#134 system_settings_apple_watch_unlock_disable & system_settings_touchid_unlock_disable should not be mapped to AC-11
Closed
#127 os_mail_app_disable results in annoying popups after every login
Closed
#132 safariAllowPopups doesn't work in Sonoma (and possibly earlier versions)
Closed
#131 Add requirement to review exemptions to smart card login.
Closed
#129 Prohibit execution from /tmp
Closed
#130 Tailored by is missing in PDF output
Closed
#128 os_hibernate_mode_apple_silicon_enable checking is broken
Closed
#126 Rules having both the fix and the profile
Closed
#124 Rule: os_password_hint_remove reports wrong for Guest account in the as-is audit script
Closed
#125 os_unlock_active_user_session_disable should be an ODV
Closed
#118 generate_baseline.py invalid escape sequence
Closed
#122 system_settings_remote_management_disable avoid undocumented mdmclient
Closed
#123 os_root_disable alternative implementation
Closed
#121 SIP protected services
Closed
#116 pwpolicy_custom_regex_enforce fix statement and note
Closed
#115 Rules are tagged with 'stig' that do not have STIG References
Closed
#117 os_world_writable_system_folder_configure new restricted folder
Closed
#110 os_setup_assistant_filevault_enforce checks for wrong type
Closed
#113 DISA customer pointed out potential issue with regex in pwpolicy_custom_regex_enforce
Closed
#114 SyntaxWarning for python string \| with sufficiently new python version
Closed
#112 STIG guidance leads to inconsistent failed password account locking time
Closed
#111 Retain previous finding if check fails
Closed
#109 unable to generate tailored baseline
Closed
#104 Add --no-rcs to compliance script
Closed
#108 Update PDF & HTML based on platform
Closed
#105 Set ODV values (and perhaps other things like excluded rules) non-interactively
Closed
#106 pwpolicy_account_lockout_enforce not presenting expected result in Log
Closed
#107 kickstart references in benchmarks
Closed
#103 os_world_writable_system_folder_configure borken since Sonoma 14.4
Closed
#100 generate_guidance fails when using all_rules on the Sonoma branch
Closed
#102 Add SFR references to iOS documents
Closed
#101 system_settings_system_wide_preferences_configure
Closed
#98 pwpolicy_force_pin_enable
Closed
#99 Feature Proposal: Generate guidance in Markdown format
Closed
#94 Asciidoctor 2.0.23 breaks html and pdf output
Closed
#96 Changing time server value is not respected, always, in the remediation section
Closed
#97 authorizationdb rules
Closed
#95 DISA STIG - Text Updates
Closed
#92 Undefined reference to 'parser' in main() of generate_baseline.py
Closed
#90 Add basic usage instructions
Closed
#93 SyntaxWarning: invalid escape sequence '\|'
Closed
#88 Scripts fail if yaml file has .yml extension
Closed
#89 system_settings_siri_listen_disable result check incorrect
Closed
#91 Store lastComplianceCheck date string as a regularised value
Closed
#83 system_settings_wake_network_access_disable resets on check
Closed
#87 system_settings_wake_network_access_disable failed in VM devices
Closed
#86 system_settings_loginwindow_loginwindowtext_enable appear in the configuration profile when not selected
Closed
#85 system_settings_system_wide_preferences_configure.yaml is missing full path to security binary
Closed
#81 Consider adding the newsyslog.d directory to the newsyslog rules
Closed
#79 remove system_settings_cd_dvd_sharing_disable
Closed
#82 $ODV value not replaced correctly in nested dict
Closed
#80 New privacy switches in macOS 15 are not managed by allowDiagnosticSubmission
Closed
#78 system_settings_improve_assistive_voice_disable.yaml mis-identified CIS control number
Closed
#77 system_settings_improve_search_disable.yaml mis-identified as a CIS Level 1 control
Closed
#76 system_settings_software_update_enforce.yaml has been silently deprecated by Apple
Closed
#74 fix for os_ssh_server_alive_interval_configure.yaml is not successful
Closed
#72 "check" script in system_settings_screensaver_ask_for_password_delay_enforce.yaml throws a syntax error
Closed
#71 STIG tag missing from system_settings_improve_assistive_voice_disable.yaml
Closed
#73 Add Apple Intelligence Controls
Closed
#75 os_world_writable_library_folder_configure.yaml blocked by SIP?
Closed
#70 pwpolicy_special_character_enforce: enforce more than 1 special character.
Closed
#69 os_install_log_retention_configure - TTL will be removed after update
Closed
#68 Running compliance script generated by Jamf Compliance Editor in terminal and the GUI "Audit Run" results differ. (CISL1)
Closed
#63 15.3/18.3 and 15.4/18.4 keys to add
Closed
#64 Generate Guidance does not fill out Severity Column in xlsx spreadsheet
Closed
#62 Create a 2.x release of mSCP
Closed
#65 ScreenSaver
Closed
#61 forelliN
Closed
#66 Fix pwpolicy_upper_case_character_enforce.yaml
Closed
#59 CIS1 Password length incorrect
Closed
#58 openSSH 9.8 - SC-05
Closed
#60 Compliance Count CIS lvl2
Closed
#56 system_settings_siri_listen_disable not working as intended
Closed
#55 macOS Major version specific Audit preference file domains
Closed
#57 Multiple issues with pwpolicy_ on Sequoia (Using Jamf Connect with EntraID as the OIDC Provider)
Closed
#49 User Preferences Revert to Defaults Following Reboot
Closed
#51 Request for Script or Function to Rollback Executed Commands
Closed
#50 Generate findings report in XLS and PDF format
Closed
#54 generate_scap.py is not functioning as expected
Closed
#48 MacOS 15 defintion for CCE-94310 "Configure Sudo To Log Events" calls the same testID twice
Closed
#46 Platform SSO and os_unlock_active_user_session_disable
Closed
#45 Inconsistent Output with Guest User Directory Detection Script
Closed
#47 False negative with V-268546 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
Closed
#41 SecureKeyboardEntry not working in Tahoe
Closed
#43 system_settings_ssh_disable (Commands discrepancy)
Closed
#40 CMMC Baselines (SSH set to both Disable and Enable)
Closed
#42 Rule updates for Sequoia -- os_appleid_prompt_disable, os_icloud_storage_prompt_disable, and more...
Closed
#39 os_authenticated_root_enable is need to supress the errors
Closed
#37 launchctl list vs print-disabled
Closed
#34 Output of check using jq for two DDM rules fail to match
Closed
#36 False failures with os_unlock_active_user_session_disable (Sequioa Branch)
Closed
#30 FileVault enforcement requires FileVault payload
Closed
#29 Password enforcement fails with allowPasscodeModification=false
Closed
#33 Time Machine encryption check fails with space in mount point - system_settings_time_machine_encrypted_configure
Closed
#32 Generate a consolidated configuration profile
Closed
#26 system_settings_cd_dvd_sharing_disable rule missing from macOS 14 Sequoia and macOS 15 Sonoma
Closed
#28 pwpolicy_minimum_length_enforce fails when min length > ODV
Closed
#25 Configure the default behavior of the check/remediate script when run from a MDM without flag support.
Closed
#27 Typo in os_notes_transcription_summary_disable rule on iOS_26 branch
Closed
#23 Typo for os_siri_assistant_disable
Closed
#24 Typo in os_implement_cryptography and os_required_crypto_module in macOS Tahoe
Closed
#22 Modifications to "authorizationdb" in 2.6.8 cause other commands to fail when run by root, sudo or by an mdm agent
Closed
#19 system_settings_sleep_enforce rule has same detection limitations as os_sleep_and_display_sleep_apple_silicon_enable on Apple Silicon
Closed
#21 Incorrect MacBook detection logic in os_sleep_and_display_sleep_apple_silicon_enable check script on Apple Silicon
Closed
#15 Screen Saver Password Enforce needs CIS lvl1 and lvl2 tag
Closed
#16 Typo in os_sshd_fips_compliant.yaml fix code
Closed
#18 Data quality issues.
Closed
#8 Rule system_settings_softwareupdate_current ODV missing interval
Closed
#9 audit_flags_fm_configure fix script no longer working
Closed
#10 Granular MobileConfig Output
Closed
#4 Redacted
Closed
#6 Issue with generating pdf with generate_guidance script
333 Issues created by 1 user
Opened
#2 pwpolicy_history_enforce set incorrectly for Tahoe CIS lvl1
Opened
#3 Tailoring system_settings_screensaver_ask_for_password_delay_enforce $ODV=0 does not create a custom rule
Opened
#1 system_settings_screensaver_timeout_enforce set incorrectly for Tahoe CIS lvl1
Opened
#5 Dev_2.0 spot check on rules - noticed a few empty platforms: {} mappings
Opened
#6 Issue with generating pdf with generate_guidance script
Opened
#4 Redacted
Opened
#12 Consolidated and granular .mobileconfig outputs
Opened
#9 audit_flags_fm_configure fix script no longer working
Opened
#10 Granular MobileConfig Output
Opened
#8 Rule system_settings_softwareupdate_current ODV missing interval
Opened
#11 os_anti_virus_installed errors: Tahoe
Opened
#7 manual tag not removable by rule customization
Opened
#15 Screen Saver Password Enforce needs CIS lvl1 and lvl2 tag
Opened
#13 Generate remediation scripts rather than depend on check script
Opened
#16 Typo in os_sshd_fips_compliant.yaml fix code
Opened
#14 rules/os/os_root_disable does more than prevent root login- it breaks functionality (and isn't actually needed)
Opened
#17 os_unlock_active_user_session_disable negatively impacts Platform SSO Accounts
Opened
#18 Data quality issues.
Opened
#24 Typo in os_implement_cryptography and os_required_crypto_module in macOS Tahoe
Opened
#21 Incorrect MacBook detection logic in os_sleep_and_display_sleep_apple_silicon_enable check script on Apple Silicon
Opened
#23 Typo for os_siri_assistant_disable
Opened
#20 Enhanced Unification of Documentation and Scripting - Dev_2.0
Opened
#22 Modifications to "authorizationdb" in 2.6.8 cause other commands to fail when run by root, sudo or by an mdm agent
Opened
#19 system_settings_sleep_enforce rule has same detection limitations as os_sleep_and_display_sleep_apple_silicon_enable on Apple Silicon
Opened
#25 Configure the default behavior of the check/remediate script when run from a MDM without flag support.
Opened
#29 Password enforcement fails with allowPasscodeModification=false
Opened
#27 Typo in os_notes_transcription_summary_disable rule on iOS_26 branch
Opened
#26 system_settings_cd_dvd_sharing_disable rule missing from macOS 14 Sequoia and macOS 15 Sonoma
Opened
#30 FileVault enforcement requires FileVault payload
Opened
#28 pwpolicy_minimum_length_enforce fails when min length > ODV
Opened
#31 Incorrect logic in system_settings_softwareupdate_current
Opened
#32 Generate a consolidated configuration profile
Opened
#33 Time Machine encryption check fails with space in mount point - system_settings_time_machine_encrypted_configure
Opened
#37 launchctl list vs print-disabled
Opened
#35 Add safariAllowJavaScript
Opened
#38 Rule pwpolicy_account_inactivity_enforce can lock-out user account
Opened
#39 os_authenticated_root_enable is need to supress the errors
Opened
#34 Output of check using jq for two DDM rules fail to match
Opened
#36 False failures with os_unlock_active_user_session_disable (Sequioa Branch)
Opened
#42 Rule updates for Sequoia -- os_appleid_prompt_disable, os_icloud_storage_prompt_disable, and more...
Opened
#44 Create Python SCP Library
Opened
#45 Inconsistent Output with Guest User Directory Detection Script
Opened
#40 CMMC Baselines (SSH set to both Disable and Enable)
Opened
#41 SecureKeyboardEntry not working in Tahoe
Opened
#43 system_settings_ssh_disable (Commands discrepancy)
Opened
#46 Platform SSO and os_unlock_active_user_session_disable
Opened
#48 MacOS 15 defintion for CCE-94310 "Configure Sudo To Log Events" calls the same testID twice
Opened
#47 False negative with V-268546 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.
Opened
#54 generate_scap.py is not functioning as expected
Opened
#51 Request for Script or Function to Rollback Executed Commands
Opened
#49 User Preferences Revert to Defaults Following Reboot
Opened
#52 Migration from MSCP 1 to MSCP 2.0
Opened
#53 com.apple.mail.managed
Opened
#50 Generate findings report in XLS and PDF format
Opened
#56 system_settings_siri_listen_disable not working as intended
Opened
#55 macOS Major version specific Audit preference file domains
Opened
#57 Multiple issues with pwpolicy_ on Sequoia (Using Jamf Connect with EntraID as the OIDC Provider)
Opened
#58 openSSH 9.8 - SC-05
Opened
#59 CIS1 Password length incorrect
Opened
#60 Compliance Count CIS lvl2
Opened
#63 15.3/18.3 and 15.4/18.4 keys to add
Opened
#66 Fix pwpolicy_upper_case_character_enforce.yaml
Opened
#61 forelliN
Opened
#65 ScreenSaver
Opened
#62 Create a 2.x release of mSCP
Opened
#64 Generate Guidance does not fill out Severity Column in xlsx spreadsheet
Opened
#68 Running compliance script generated by Jamf Compliance Editor in terminal and the GUI "Audit Run" results differ. (CISL1)
Opened
#69 os_install_log_retention_configure - TTL will be removed after update
Opened
#67 os_sshd_fips_compliant remediation does not gracefully handle previous similar configuration settings
Opened
#75 os_world_writable_library_folder_configure.yaml blocked by SIP?
Opened
#72 "check" script in system_settings_screensaver_ask_for_password_delay_enforce.yaml throws a syntax error
Opened
#70 pwpolicy_special_character_enforce: enforce more than 1 special character.
Opened
#71 STIG tag missing from system_settings_improve_assistive_voice_disable.yaml
Opened
#74 fix for os_ssh_server_alive_interval_configure.yaml is not successful
Opened
#73 Add Apple Intelligence Controls
Opened
#78 system_settings_improve_assistive_voice_disable.yaml mis-identified CIS control number
Opened
#76 system_settings_software_update_enforce.yaml has been silently deprecated by Apple
Opened
#77 system_settings_improve_search_disable.yaml mis-identified as a CIS Level 1 control
Opened
#80 New privacy switches in macOS 15 are not managed by allowDiagnosticSubmission
Opened
#84 Enforce TouchID for password autofill
Opened
#82 $ODV value not replaced correctly in nested dict
Opened
#83 system_settings_wake_network_access_disable resets on check
Opened
#79 remove system_settings_cd_dvd_sharing_disable
Opened
#81 Consider adding the newsyslog.d directory to the newsyslog rules
Opened
#88 Scripts fail if yaml file has .yml extension
Opened
#85 system_settings_system_wide_preferences_configure.yaml is missing full path to security binary
Opened
#87 system_settings_wake_network_access_disable failed in VM devices
Opened
#86 system_settings_loginwindow_loginwindowtext_enable appear in the configuration profile when not selected
Opened
#92 Undefined reference to 'parser' in main() of generate_baseline.py
Opened
#93 SyntaxWarning: invalid escape sequence '\|'
Opened
#91 Store lastComplianceCheck date string as a regularised value
Opened
#90 Add basic usage instructions
Opened
#89 system_settings_siri_listen_disable result check incorrect
Opened
#98 pwpolicy_force_pin_enable
Opened
#96 Changing time server value is not respected, always, in the remediation section
Opened
#95 DISA STIG - Text Updates
Opened
#94 Asciidoctor 2.0.23 breaks html and pdf output
Opened
#97 authorizationdb rules
Opened
#99 Feature Proposal: Generate guidance in Markdown format
Opened
#104 Add --no-rcs to compliance script
Opened
#101 system_settings_system_wide_preferences_configure
Opened
#102 Add SFR references to iOS documents
Opened
#103 os_world_writable_system_folder_configure borken since Sonoma 14.4
Opened
#105 Set ODV values (and perhaps other things like excluded rules) non-interactively
Opened
#100 generate_guidance fails when using all_rules on the Sonoma branch
Opened
#107 kickstart references in benchmarks
Opened
#108 Update PDF & HTML based on platform
Opened
#106 pwpolicy_account_lockout_enforce not presenting expected result in Log
Opened
#114 SyntaxWarning for python string \| with sufficiently new python version
Opened
#112 STIG guidance leads to inconsistent failed password account locking time
Opened
#109 unable to generate tailored baseline
Opened
#113 DISA customer pointed out potential issue with regex in pwpolicy_custom_regex_enforce
Opened
#110 os_setup_assistant_filevault_enforce checks for wrong type
Opened
#111 Retain previous finding if check fails
Opened
#117 os_world_writable_system_folder_configure new restricted folder
Opened
#115 Rules are tagged with 'stig' that do not have STIG References
Opened
#116 pwpolicy_custom_regex_enforce fix statement and note
Opened
#120 os_asl_log_files_*_configure are completely broken
Opened
#123 os_root_disable alternative implementation
Opened
#119 os_newsyslog_files_*_configure don't take /etc/newsyslog.d into account
Opened
#121 SIP protected services
Opened
#118 generate_baseline.py invalid escape sequence
Opened
#122 system_settings_remote_management_disable avoid undocumented mdmclient
Opened
#124 Rule: os_password_hint_remove reports wrong for Guest account in the as-is audit script
Opened
#125 os_unlock_active_user_session_disable should be an ODV
Opened
#126 Rules having both the fix and the profile
Opened
#129 Prohibit execution from /tmp
Opened
#132 safariAllowPopups doesn't work in Sonoma (and possibly earlier versions)
Opened
#128 os_hibernate_mode_apple_silicon_enable checking is broken
Opened
#131 Add requirement to review exemptions to smart card login.
Opened
#127 os_mail_app_disable results in annoying popups after every login
Opened
#130 Tailored by is missing in PDF output
Opened
#138 build/cis_lvl1/cis_lvl1_compliance.sh: line 6359: syntax error near unexpected token `fi'
Opened
#133 Different payload type for system_settings_screensaver_timeout_enforce
Opened
#137 Add baseline tags to supplemental rules
Opened
#134 system_settings_apple_watch_unlock_disable & system_settings_touchid_unlock_disable should not be mapped to AC-11
Opened
#136 Bug: syslog daemon changes break its usage on macOS 10.13 and above
Opened
#135 Remove multiple NTP servers from system_settings_time_server_configure.yaml
Opened
#141 os_gatekeeper_enable - Sonoma - Misconfiguration
Opened
#140 iCloud privacy relay disable not working
Opened
#143 feat: support syspolicy_check a new feature in Sonoma to determine if the provided macOS application will pass the current running configurations’ system policy.
Opened
#139 Space missing in $CURRENT_USER code in adoc files
Opened
#142 os_recovery_lock_enable should not have a manual tag
Opened
#146 Suppress Script Output Option
Opened
#144 Configuration Profile Generation
Opened
#147 pwpolicy_account_lockout_enforce issues with Sonoma
Opened
#145 os_safari_javascript_enabled not detected properly
Opened
#149 os_sshd_unused_connection_timeout_configure for dev_sonoma typo error
Opened
#150 icloud_appleid_system_settings_disable (dev_sonoma) refers to deprecated domain
Opened
#148 Configuration Profile -locationmenu not working
Opened
#152 audit_flags_fm_configure fails in dev_sonoma because of the ^fm
Opened
#151 audit_retention_configure fails to edit the /etc/security/audit_control file
Opened
#153 os_anti_virus_installed errors: Load Failed 5 (Sonoma)
Opened
#154 os_install_log_retention_configure - remediation does not match check
Opened
#158 Monterey 800-171 .GlobalPreferences settings mobile config not importing into JAMF
Opened
#159 submit profiles by CIS section vs functionality section
Opened
#157 Generate recommendations Python script relies on very out of date Ruby gems
Opened
#156 Wiki Compliance Script typo
Opened
#155 CIS Lvl 1 6.1.1 failing false positives
Opened
#160 Compliance percentage incorrect when exempted rules pass #267 “best practice!!!
Opened
#162 CIS Manual Recommendations not generating properly
Opened
#161 Indicate manual rules that are included in the baseline
Opened
#166 Remediations on audit_control cause chaos if file is missing
Opened
#168 Fraudulent typo
Opened
#165 com.apple.locationmenu missing from supported_payloads
Opened
#164 Sonoma - sshd config updates
Opened
#167 Application Layer Firewall new check required
Opened
#163 Computers that fail os_time_offset_limit_configure
Opened
#171 firmware password requirement not applicable to Apple silicon according to STIG
Opened
#169 os_anti_virus_installed rule
Opened
#170 Compliance percentage incorrect when exempted rules pass
Opened
#172 os_policy_banner_ssh_configure fails on Ventura even after remediation
Opened
#173 Ventura firewall mobileconfig fails to install
Opened
#174 compliance script should be able to say which rules fail
Opened
#176 clientalivecountmax and clientaliveinterval
Opened
#177 sshd banner check and fix
Opened
#175 Rule 7.7 Secure User's Home Folder is not reporting correctly
Opened
#182 sshd checks sometimes fail for reasons other than the rule
Opened
#179 Provide indication of whether each Guideline corresponds to Apple's default setting
Opened
#180 Asciidoctor-pdf 2.3.6 [undefined method `absolute_path?' for File:Class] error
Opened
#181 generate_scap crash
Opened
#178 Using "heredoc" Breaks Commands
Opened
#183 Checks adding to /etc/sudoers.d directory fail on fresh 13.3 installs
Opened
#189 Add command to remove uchg flag from /etc/security/audit_control
Opened
#185 forceInternetSharingOff is failing check, but the key is set in com.apple.MCX
Opened
#186 os_anti_virus_installed returns unexpected result ('integer': 3)
Opened
#187 os_secure_boot_verify - bputil
Opened
#184 Script should explicitly set LANG=C to avoid problems with localized output
Opened
#188 Scutil is referenced without full path
Opened
#190 Create a script who doesn't need answer to fix non compliant settings
Opened
#192 Set rules with pathBlackList to deprecated
Opened
#191 Add Safari rules for Monterey (CIS)
Opened
#195 Tweak SSH rules for FIPS 186-5 addition of curve25519-sha256
Opened
#197 where is the page that describes how to install these ?
Opened
#193 checking for authenticated-root hangs forever when multiple OSes are available
Opened
#196 handful of settings aren't "fixed" by compliance script
Opened
#194 JAMF integration?
Opened
#200 Include check that FileVault cannot be disabled in system_settings_filevault_enforce or create new rule to check
Opened
#199 os_hibernate_mode_enable: Standby setting for Apple silicon is incorrect
Opened
#198 USB Restricted Mode
Opened
#201 system_settings_time_machine_encrypted_configure.yaml incorrect tag for CIS
Opened
#203 DisableGuestAccount/EnableGuestAccount key
Opened
#204 Rogue Highlighter 4.0.0 is not compatible with built-in Ruby
Opened
#207 How to run macOS security compliance script on multiple mac devices using workspaceone MDM
Opened
#206 Consider creating a rule that turns off Xcode Ads for Xcode Cloud
Opened
#202 generate_baseline.py crash with custom baselines
Opened
#205 os_sshd_permit_root_login_configure remediation code appends "permitrootlogin no"
Opened
#210 Generated compliance script debug mode
Opened
#208 os_install_log_retention_configure
Opened
#209 os_hibernate_mode_enable Missing hibernatemode (and spelling error)
Opened
#212 os_sshd_fips_compliant remediate issue
Opened
#216 auth_ssh_password_authentication_disable needs to be updated for Ventura
Opened
#211 os_sshd_key_exchange_algorithm_configure detection issue
Opened
#213 system_settings_ssh_enable check
Opened
#214 system_settings_system_wide_preferences_configure for loop syntax
Opened
#215 JCE CIS Level 1 Rules are showing 2.9.3 (Level 2)
Opened
#217 os_sshd_permit_root_login_configure code fails to run the validation script
Opened
#218 icloud_appleid_system_settings_disable checking script seems to be returning inconsistent data
Opened
#219 Rules missing 800-53 references
Opened
#221 Profiles with multiple disabled Pref Panes keys not detected
Opened
#220 Fix CIS mappings from new draft
Opened
#222 Big Sur Compliance Script Error
Opened
#223 ODV - Parent value not being applied properly
Opened
#226 Generate_baseline -t crash
Opened
#225 Modify sysprefs_siri_disable to use "com.apple.assistant.support" instead of "com.apple.ironwood.support"
Opened
#224 sysprefs_system_wide_preferences_configure shared key doesn't exist on some systems
Opened
#228 Format problem in remediation of a number of 'os' section rules
Opened
#229 sysprefs_screensaver_ask_for_password_delay_enforce not remediated
Opened
#230 Ummm, HOWTO
Opened
#227 Disabled launchctl reports incorrectly (Ventura)
Opened
#231 os_hibernate_mode_enable: remediation is not effective
Opened
#234 Update sshd Checks
Opened
#233 rules/os/os_library_validation_enabled.yaml fails with: "run_fix:242: command not found: This"
Opened
#232 sysprefs_software_update_app_update_enforce
Opened
#235 os_recovery_lock_enable has incorrect key
Opened
#236 Make Configuration Profile Display Names specific to payload
Opened
#237 Add an option to view a description of rules when creating a tailored baseline
Opened
#240 pwpolicy_account_lockout_enforce should check if value is less than or equal
Opened
#241 Stats Reporting Incorrect
Opened
#239 Remove requirement for admin prompt when install ruby gems
Opened
#238 os_software_update_deferral gives fails finding if 'enforcedSoftwareUpdateDelay' key is not set
Opened
#243 Removing a rule from guidance will not remove the rule from audit file
Opened
#245 Test screensaver timeout
Opened
#242 audit_retention_configure_sixty_days remediation not getting picked up by Jamf Protect insights
Opened
#244 Test Rule 2
Opened
#246 TOC not being generated when asciidoctor-pdf 2.0.x is installed
Opened
#247 Modify the arg checking to suit Jamf Pro policies
Opened
#251 Add an "id:" tag to the baseline .yaml files for easier distinction between baselines versus using the "title:" tag
Opened
#250 remediation for os_policy_banner_loginwindow_enforce creates a wrongly named directory
Opened
#249 missing EOS in some rules
Opened
#248 os_sudoers_tty_configure.yaml check and fix don't work
Opened
#252 Duplicate security controls and missing reference values in
Opened
#253 mismatched test and mobileconfig for Monterey os_burn_support_disable
Opened
#255 Disable Siri prefpane
Opened
#254 mismatched test and remediate for Monterey os_blank_bluray_disable.yaml
Opened
#256 (dev_monterey) os_install_log_retention_policy and audit_flags_configure not remediating
Opened
#257 time server enforcement values possibly deprecated.
Opened
#258 os_sudo_timeout_configure adjust check for possible spaces
Opened
#263 sysprefs_wifi_disable.yaml ignored for STIG compliance
Opened
#260 ChallengeResponseAuthentication not present in macOS Monterey
Opened
#259 STIG Big_Sure os_ESS_installed
Opened
#261 JXA Checks are causing the generated baseline_compliance.sh to break
Opened
#264 Compliance script run with --fix does not apply fixes unless --check was run first
Opened
#262 baseline compliance script output to Unified Logging
Opened
#267 Sudoers authenticate on per -tty basis
Opened
#265 Mobileconfig profiles do not honor compliance script exemptions
Opened
#266 Firmware password check does not work on Apple Silicon-based machines.
Opened
#273 setting pwpolicy_file
Opened
#269 Directory services integration test returns multiple values
Opened
#270 Add sections for project and local site authors to custom baselines
Opened
#272 Errors generating CIS compliance profiles
Opened
#271 Tag and Compliance Script check for Intel vs Apple Silicon
Opened
#268 14.3. Password Policy Supplemental duplicate entry?
Opened
#274 ASOX is not a normal STIG ID
Opened
#279 custom rule that sets mobileconfig: false still ends up creating a .mobileprofile file
Opened
#277 big_sur branch has two rules that claim to be APPL-11-000001
Opened
#278 git clone is broken
Opened
#275 mismatch between STIG rules and current version for big_sur branch
Opened
#276 compliance_count function in generated guidance script does not correctly count findings
Opened
#280 Prevent fixes when not needed
Opened
#281 auth_ssh_smartcard_enforce rename
Opened
#282 audit_control policy cnt vs ahlt
Opened
#288 audit_flags_fm_configure
Opened
#287 os_airdrop_disable check and remediation are inconsistent
Opened
#285 Rule - os_filevault_user_account - Change needed for Apple silicon
Opened
#284 Rule - os_facetime_app_disable.yaml - STIG ID is listed as ASOX-14-002010. It should be APPL-11-002010
Opened
#286 os_guest_access_smb_disable
Opened
#283 Add "all_rules" to generate_baseline.py -l
Opened
#294 Missing result for this test
Opened
#293 Fix audit_files_(group/mode/owner)_configure
Opened
#290 os_sshd_key_exchange_algorithm_configure.yaml does not have a fallback to adding the relevant line
Opened
#292 Use domain-specific naming in 'PayloadDisplayName' key of configuration profiles
Opened
#291 mobileconfig creation ignores exempt preferences settings
Opened
#289 Creation of the Excel doc with Custom references, adds extra rows while the name is the same
Opened
#296 fixtext commands are broken; have newline chars instead of spaces
Opened
#297 Definition of exemption
Opened
#295 add (sub)subtitles for the documentation.
Opened
#300 CJIS Baseline
Opened
#303 Fix language in os_certificate_authority_trust
Opened
#301 os_mdm_require.yaml needs to be updated for macOS 11
Opened
#302 Re-Map os_guest_account_disable
Opened
#299 Cleanup references
Opened
#298 metadata subsection to track changes in customized rules
Opened
#309 Check for Library Validation
Opened
#304 custom reference data should be displayed in generated documents and spreadsheet
Opened
#306 audit_events Sandbox violations
Opened
#305 cross reference for how rules are implemented in a tool
Opened
#307 Check for Apple Mobile File Integrity
Opened
#308 Option to generate plists for custom configuration profiles
Opened
#310 Option to sign generated profiles please!
Opened
#312 Add a default value / Arg to generate_script
Opened
#311 Generate Guidance script - excel export
Opened
#317 Consider adding a GLBA baseline
Opened
#314 Concurrent session limit for SSH is not working
Opened
#316 os_camera_disable
Opened
#313 sysprefs_find_my_disable
Opened
#315 os_siri_prompt_disable
Opened
#318 sysprefs_diagnostics_reports_disable
Opened
#320 Overwriting baseline files
Opened
#319 profile_generator.py doesn't work unless you change directory to the "scripts" directory first
Opened
#321 rules listed in the wrong section in baselines
Opened
#323 Filename tweak
Opened
#324 Additional rule Disable Improve Siri & Dictation
Opened
#322 Missing full paths
Opened
#325 Setting for TimeServer
Opened
#326 sysprefs_ad_tracking_disable check
Opened
#327 Suggest mapping to the ACSC ISM
Opened
#332 Baselines path incorrect in Wiki documentation
Opened
#333 Baseline names should be more descriptive.
Opened
#331 Consider adding an 800-171 baseline
Opened
#329 profile_generator.py - All baselines use the same 'mobileconfigs' directory
Opened
#328 Consider adding a mapping for Common Criteria GPOS 4.2.1
Opened
#330 Suggest mapping to the NCSC CyberEssentials