diff --git a/rules/supplemental/supplemental_cis_manual.yaml b/rules/supplemental/supplemental_cis_manual.yaml index 6b21d99a..9cb3079a 100644 --- a/rules/supplemental/supplemental_cis_manual.yaml +++ b/rules/supplemental/supplemental_cis_manual.yaml @@ -2,16 +2,6 @@ id: supplemental_cis_manual title: "CIS Manual Recommendations" discussion: | List of CIS recommendations that are manual check in the CIS macOS Benchmark. - - [cols="15%h, 85%a"] - |=== - - |Section - |Install Updates, Patches and Additional Security Software - - |Recommendations - |1.7 Audit Computer Name - |=== [cols="15%h, 85%a"] |=== @@ -19,21 +9,18 @@ discussion: | |System Settings |Recommendations - |2.3.3 Audit Lock Screen and Start Screen Saver Tools + - 2.5.1.2 Ensure all user storage APFS volumes are encrypted + - 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted + - 2.5.4 Audit Location Services Access + - 2.5.7 Audit Camera Privacy and Confidentiality + - 2.6.1.1 Audit iCloud Configuration + - 2.6.1.2 Audit iCloud Keychain + - 2.6.1.3 Audit iCloud Drive + - 2.6.2 Audit App Store Password Settings + - 2.12 Audit Automatic Actions for Optical Media + - 2.13 Audit Siri Settings + - 2.14 Audit Sidecar Settings + - 2.15 Audit Touch ID and Wallet & Apple Pay Settings + - 2.16 Audit Notification System Preference Settings + - 2.17 Audit Passwords System Preference Setting + + | 2.1.1.1 Audit iCloud Keychain + + 2.1.1.2 Audit iCloud Drive + + 2.1.2 Audit App Store Password Settings + + 2.3.3.12 Ensure Computer Name Does Not Contain PII or Protected Organizational Information + + 2.4.3 Audit Fast User Switching + + 2.5.1 Audit Siri Settings + + 2.6.1.3 Audit Location Services Access + + 2.6.6 Audit Lockdown Mode + + 2.8.1 Audit Universal Control Settings + + 2.11.2 Audit Touch ID and Wallet & Apple Pay Settings + + 2.13.1 Audit Passwords System Preference Setting + + 2.14.1 Audit Notification & Focus Settings + |=== [cols="15%h, 85%a"] @@ -45,16 +32,6 @@ discussion: | |3.7 Audit Software Inventory |=== - [cols="15%h, 85%a"] - |=== - |Section - |Network Configurations - - |Recommendations - |4.3 Audit Network Specific Locations + - 4.6 Audit Wi-Fi Settings + - |=== - [cols="15%h, 85%a"] |=== |Section @@ -63,19 +40,23 @@ discussion: | |Recommendations |5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured + 5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured + + 5.2.5 Ensure Complex Password Must Contain Special Character Is Configured + 5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured + 5.5 Ensure login keychain is locked when the computer sleeps + - 5.15 Ensure Fast User Switching Is Disabled + |=== [cols="15%h, 85%a"] |=== |Section - |Appendix: Additional Considerations + |Applications - |Recommendations - |7.1 Extensible Firmware Interface (EFI) password + - 7.2 FileVault and Local Account Password Reset using AppleID + + |6.2.1 Ensure Protect Mail Activity in Mail Is Enabled + + 6.3.2 Ensure Warn When Visiting A Fradulent Website in Safari Is Enabled + + 6.3.3 Ensure Prevent Cross-site Tracking in Safari Is Enabled + + 6.3.4 Audit Hide IP Address in Safari Setting + + 6.3.5 Ensure Advertising Privacy Protection in Safari Is Enabled + + 6.3.6 Ensure Show Full Website Address in Safari Is Enabled + + 6.3.7 Audit History and Remove History Items + |=== check: | fix: |