From 703de2730518831943303c4e65343c7bcc7a9918 Mon Sep 17 00:00:00 2001 From: Bob Gendler Date: Wed, 19 Oct 2022 20:56:15 -0400 Subject: [PATCH 1/2] refactor [information] Updates for Ventura release * Updated CHANGELOG * Updated VERSION.yaml * Updated README --- CHANGELOG.adoc | 6 +++++- README.adoc | 4 ++++ VERSION.yaml | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc index fa355106..84693624 100644 --- a/CHANGELOG.adoc +++ b/CHANGELOG.adoc @@ -43,6 +43,7 @@ This document provides a high-level view of the changes to the macOS Security Co *** pwpolicy_simple_sequence_disable.yaml *** pwpolicy_special_character_enforce.yaml *** pwpolicy_upper_case_character_enforce.yaml +*** system_settings_system_wide_preferences_configure *** System Preferences -> System Settings ** Deleted Rules *** os_sudoers_tty_configure @@ -66,6 +67,9 @@ This document provides a high-level view of the changes to the macOS Security Co ** generate_mappings *** Bug Fixes ** generate_scap +*** Added support for ODV +*** Added support for new checks +*** Generate scap, xccdf, or oval *** Bug Fixes -* SCAP + diff --git a/README.adoc b/README.adoc index eb6f91a8..49a33913 100644 --- a/README.adoc +++ b/README.adoc @@ -23,6 +23,10 @@ endif::[] The macOS Security Compliance Project is an link:LICENSE.md[open source] effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, _Security and Privacy Controls for Information Systems and Organizations_, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL). +This project is the technical implementation of NIST Special Publication, https://csrc.nist.gov/publications/detail/sp/800-219/final[800-219 Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)]. NIST SP 800-219 is the official guidance from for automated secure configuration for macOS. + +Apple supports the macOS Security Compliance Project with information on their https://support.apple.com/guide/sccc/macos-security-compliance-project-sccc22685bb2/web[Security Certifications and Compliance Center] page. + This project can be used as a resource to easily create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to the compliance requirements defined in NIST SP 800-53 (Rev. 5). It can also be used to develop customized guidance to meet the particular cybersecurity needs of any organization. To learn more about the project, please see the {uri-repo}/wiki[wiki]. diff --git a/VERSION.yaml b/VERSION.yaml index a24cf7aa..a2f8aafe 100644 --- a/VERSION.yaml +++ b/VERSION.yaml @@ -1,4 +1,4 @@ os: "13.0" version: "Ventura Guidance, Revision 1" cpe: o:apple:macos:13.0 -date: "2022-XX-XX" +date: "2022-10-19" From e0699b2ba289f38b295c02e8d59a445e19d46504 Mon Sep 17 00:00:00 2001 From: Bob Gendler Date: Wed, 19 Oct 2022 20:57:54 -0400 Subject: [PATCH 2/2] Update README.adoc --- README.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.adoc b/README.adoc index 49a33913..1fa00165 100644 --- a/README.adoc +++ b/README.adoc @@ -23,7 +23,7 @@ endif::[] The macOS Security Compliance Project is an link:LICENSE.md[open source] effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, _Security and Privacy Controls for Information Systems and Organizations_, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL). -This project is the technical implementation of NIST Special Publication, https://csrc.nist.gov/publications/detail/sp/800-219/final[800-219 Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)]. NIST SP 800-219 is the official guidance from for automated secure configuration for macOS. +This project is the technical implementation of NIST Special Publication, 800-219 https://csrc.nist.gov/publications/detail/sp/800-219/final[Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)]. NIST Special Publication 800-219 is the official guidance from for automated secure configuration for macOS. Apple supports the macOS Security Compliance Project with information on their https://support.apple.com/guide/sccc/macos-security-compliance-project-sccc22685bb2/web[Security Certifications and Compliance Center] page.