Merge branch 'dev_sequoia_cis' into sequoia

2026-02-03 14:03:24 +00:00 · 2025-06-18 14:03:48 -04:00
parent 7c820db2fe 2bce7b1672
commit 0fc9c43543
38 changed files with 103 additions and 49 deletions
--- a/baselines/cis_lvl1.yaml
+++ b/baselines/cis_lvl1.yaml
@@ -1,6 +1,6 @@
-title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 1)"
+title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1)"
 description: |
-  This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 1) security baseline.
+  This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1) security baseline.
 authors: |
  *macOS Security Compliance Project*

@@ -39,9 +39,12 @@ profile:
      - os_home_folders_secure
      - os_httpd_disable
      - os_install_log_retention_configure
+      - os_mail_summary_disable
      - os_mdm_require
      - os_mobile_file_integrity_enable
      - os_nfsd_disable
+      - os_notes_transcription_disable
+      - os_notes_transcription_summary_disable
      - os_on_device_dictation_enforce
      - os_password_hint_remove
      - os_power_nap_disable
@@ -63,6 +66,7 @@ profile:
      - os_time_server_enabled
      - os_unlock_active_user_session_disable
      - os_world_writable_system_folder_configure
+      - os_writing_tools_disable
  - section: "passwordpolicy"
    rules:
      - pwpolicy_account_lockout_enforce
@@ -78,12 +82,15 @@ profile:
      - system_settings_bluetooth_sharing_disable
      - system_settings_critical_update_install_enforce
      - system_settings_diagnostics_reports_disable
+      - system_settings_external_intelligence_disable
+      - system_settings_external_intelligence_sign_in_disable
      - system_settings_filevault_enforce
      - system_settings_firewall_enable
      - system_settings_firewall_stealth_mode_enable
      - system_settings_guest_access_smb_disable
      - system_settings_guest_account_disable
      - system_settings_improve_assistive_voice_disable
+      - system_settings_improve_search_disable
      - system_settings_improve_siri_dictation_disable
      - system_settings_install_macos_updates_enforce
      - system_settings_internet_sharing_disable
@@ -97,6 +104,7 @@ profile:
      - system_settings_screen_sharing_disable
      - system_settings_screensaver_ask_for_password_delay_enforce
      - system_settings_screensaver_timeout_enforce
+      - system_settings_siri_disable
      - system_settings_siri_listen_disable
      - system_settings_smbd_disable
      - system_settings_software_update_app_update_enforce
--- a/baselines/cis_lvl2.yaml
+++ b/baselines/cis_lvl2.yaml
@@ -1,6 +1,6 @@
-title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 2)"
+title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2)"
 description: |
-  This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 2) security baseline.
+  This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2) security baseline.
 authors: |
  *macOS Security Compliance Project*

@@ -50,9 +50,12 @@ profile:
      - os_home_folders_secure
      - os_httpd_disable
      - os_install_log_retention_configure
+      - os_mail_summary_disable
      - os_mdm_require
      - os_mobile_file_integrity_enable
      - os_nfsd_disable
+      - os_notes_transcription_disable
+      - os_notes_transcription_summary_disable
      - os_on_device_dictation_enforce
      - os_password_hint_remove
      - os_policy_banner_loginwindow_enforce
@@ -77,6 +80,7 @@ profile:
      - os_unlock_active_user_session_disable
      - os_world_writable_library_folder_configure
      - os_world_writable_system_folder_configure
+      - os_writing_tools_disable
  - section: "passwordpolicy"
    rules:
      - pwpolicy_account_lockout_enforce
@@ -96,6 +100,8 @@ profile:
      - system_settings_content_caching_disable
      - system_settings_critical_update_install_enforce
      - system_settings_diagnostics_reports_disable
+      - system_settings_external_intelligence_disable
+      - system_settings_external_intelligence_sign_in_disable
      - system_settings_filevault_enforce
      - system_settings_firewall_enable
      - system_settings_firewall_stealth_mode_enable
@@ -103,6 +109,7 @@ profile:
      - system_settings_guest_account_disable
      - system_settings_hot_corners_secure
      - system_settings_improve_assistive_voice_disable
+      - system_settings_improve_search_disable
      - system_settings_improve_siri_dictation_disable
      - system_settings_install_macos_updates_enforce
      - system_settings_internet_sharing_disable
@@ -119,7 +126,7 @@ profile:
      - system_settings_screen_sharing_disable
      - system_settings_screensaver_ask_for_password_delay_enforce
      - system_settings_screensaver_timeout_enforce
-      - system_settings_siri_listen_disable
+      - system_settings_siri_disable
      - system_settings_smbd_disable
      - system_settings_software_update_app_update_enforce
      - system_settings_software_update_download_enforce
--- a/includes/mscp-data.yaml
+++ b/includes/mscp-data.yaml
@@ -83,8 +83,8 @@ titles:
  800-53r5_moderate: NIST SP 800-53 Rev 5 Moderate Impact
  800-53r5_low: NIST SP 800-53 Rev 5 Low Impact
  800-171: NIST 800-171 Rev 3
-  cis_lvl1: CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 1)
-  cis_lvl2: CIS Apple macOS 15.0 Sequoia v1.0.0 Benchmark (Level 2)
+  cis_lvl1: CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1)
+  cis_lvl2: CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2)
  cmmc_lvl1: US CMMC 2.0 Level 1
  cmmc_lvl2: US CMMC 2.0 Level 2
  cisv8: CIS Controls Version 8
--- a/rules/os/os_mail_summary_disable.yaml
+++ b/rules/os/os_mail_summary_disable.yaml
@@ -24,7 +24,12 @@ references:
    - SC-7(10)
  800-171r3:
    - 03.01.20
-    - 03.04.06    
+    - 03.04.06
+  cis:
+    benchmark:
+      - 2.5.1.3 (level 1)
+    controls v8:
+      - N/A
  cmmc:
    - AC.L1-3.1.20
    - CM.L2-3.4.6
@@ -38,6 +43,8 @@ tags:
  - 800-171
  - cmmc_lvl2
  - cmmc_lvl1
+  - cis_lvl1
+  - cis_lvl2
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_nfsd_disable.yaml
+++ b/rules/os/os_nfsd_disable.yaml
@@ -3,13 +3,19 @@ title: Disable Network File System Service
 discussion: |
  Support for Network File Systems (NFS) services is non-essential and, therefore, _MUST_ be disabled.
 check: |
-  /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => disabled'
+  isDisabled=$(/sbin/nfsd status | /usr/bin/awk '/nfsd service/ {print $NF}')    
+  if [[ "$isDisabled" == "disabled" ]] && [[ -z $(/usr/bin/pgrep nfsd) ]]; then
+    echo "pass"
+  else
+    echo "fail"
+  fi
 result:
-  integer: 1
+  string: "pass"
 fix: |
  [source,bash]
  ----
  /bin/launchctl disable system/com.apple.nfsd
+  /bin/rm -rf /etc/exports
  ----
  The system may need to be restarted for the update to take effect.
 references:
--- a/rules/os/os_notes_transcription_disable.yaml
+++ b/rules/os/os_notes_transcription_disable.yaml
@@ -29,7 +29,12 @@ references:
    - SC-7(10)
  800-171r3:
    - 03.01.20
-    - 03.04.06    
+    - 03.04.06
+  cis:
+    benchmark:
+      - 2.5.1.4 (level 1)
+    controls v8:
+      - N/A
  cmmc:
    - AC.L1-3.1.20
    - CM.L2-3.4.6
@@ -46,6 +51,8 @@ tags:
  - cmmc_lvl2
  - cmmc_lvl1
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_notes_transcription_summary_disable.yaml
+++ b/rules/os/os_notes_transcription_summary_disable.yaml
@@ -29,7 +29,12 @@ references:
    - SC-7(10)
  800-171r3:
    - 03.01.20
-    - 03.04.06    
+    - 03.04.06
+  cis:
+    benchmark:
+      - 2.5.1.4 (level 1)
+    controls v8:
+      - N/A
  cmmc:
    - AC.L1-3.1.20
    - CM.L2-3.4.6
@@ -46,6 +51,8 @@ tags:
  - cmmc_lvl2
  - cmmc_lvl1
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_password_hint_remove.yaml
+++ b/rules/os/os_password_hint_remove.yaml
@@ -32,7 +32,7 @@ references:
    - 03.05.11
  cis:
    benchmark:
-      - 2.11.1 (level 1)
+      - 2.12.1 (level 1)
    controls v8:
      - 5.2
  cmmc:
--- a/rules/os/os_power_nap_disable.yaml
+++ b/rules/os/os_power_nap_disable.yaml
@@ -41,7 +41,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.9.2 (level 1)
+      - 2.10.2 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/os/os_sleep_and_display_sleep_apple_silicon_enable.yaml
+++ b/rules/os/os_sleep_and_display_sleep_apple_silicon_enable.yaml
@@ -41,7 +41,7 @@ references:
    - N/A
  cis:
    benchmark:
-      - 2.9.1.2 (level 2)
+      - 2.10.1.1 (level 2)
    controls v8:
      - 4.1
 macOS:
--- a/rules/os/os_writing_tools_disable.yaml
+++ b/rules/os/os_writing_tools_disable.yaml
@@ -34,6 +34,11 @@ references:
    - AC.L1-3.1.20
    - CM.L2-3.4.6
    - CM.L2-3.4.7
+  cis:
+    benchmark:
+      - 2.5.1.2 (level 1)
+    controls v8:
+      - N/A
 macOS:
  - '15.0'
 tags:
@@ -47,6 +52,8 @@ tags:
  - cmmc_lvl2
  - cmmc_lvl1
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/pwpolicy/pwpolicy_50_percent.yaml
+++ b/rules/pwpolicy/pwpolicy_50_percent.yaml
@@ -35,6 +35,5 @@ tags:
  - 800-53r4_moderate
  - 800-53r4_high
  - permanent
-  - srg
 mobileconfig: false
 mobileconfig_info:
--- a/rules/supplemental/supplemental_cis_manual.yaml
+++ b/rules/supplemental/supplemental_cis_manual.yaml
@@ -15,21 +15,21 @@ discussion: |
  2.1.1.5 Audit Freeform Sync to iCloud +
  2.1.1.6 Audit Find My Mac +
  2.1.2 Audit App Store Password Settings +
-  2.3.3.12 Ensure Computer Name Does Not Contain PII or Protected Organizational Information +
-  2.5.1 Audit Siri Settings +
+  2.3.3.11 Ensure Computer Name Does Not Contain PII or Protected Organizational Information +
+  2.5.2.2 Ensure Listen for Siri is Disabled +
  2.6.1.3 Audit Location Services Access +
  2.6.2.1 Audit Full Disk Access for Applications +
  2.6.3.5 Ensure Share iCloud Analytics Is Disabled +
  2.6.7 Audit Lockdown Mode +
  2.7.2 Audit iPhone Mirroring +
  2.8.1 Audit Universal Control Settings +
-  2.9.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) +
-  2.11.2 Audit Touch ID +
-  2.13.1 Audit Passwords System Preference Setting +
+  2.10.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) +
+  2.12.2 Audit Touch ID +
  2.14.1 Audit Game Center Settings +
  2.15.1 Audit Notification & Focus Settings +
  2.16.1 Audit Wallet & Apple Pay Settings +
  2.17.1 Audit Internet Accounts for Authorized Use +
+  6.5.1 Audit Passwords System Preference Setting +
  |===

  [cols="15%h, 85%a"]
--- a/rules/system_settings/system_settings_automatic_login_disable.yaml
+++ b/rules/system_settings/system_settings_automatic_login_disable.yaml
@@ -34,7 +34,7 @@ references:
    - 03.05.01
  cis:
    benchmark:
-      - 2.12.3 (level 1)
+      - 2.13.3 (level 1)
    controls v8:
      - 4.7
  cmmc:
--- a/rules/system_settings/system_settings_bluetooth_sharing_disable.yaml
+++ b/rules/system_settings/system_settings_bluetooth_sharing_disable.yaml
@@ -47,7 +47,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.11 (level 1)
+      - 2.3.3.10 (level 1)
    controls v8:
      - 3.3
      - 4.1
--- a/rules/system_settings/system_settings_content_caching_disable.yaml
+++ b/rules/system_settings/system_settings_content_caching_disable.yaml
@@ -32,7 +32,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.9 (level 2)
+      - 2.3.3.8 (level 2)
    controls v8:
      - 4.8
  cmmc:
--- a/rules/system_settings/system_settings_external_intelligence_disable.yaml
+++ b/rules/system_settings/system_settings_external_intelligence_disable.yaml
@@ -1,7 +1,7 @@
 id: system_settings_external_intelligence_disable
 title: Disable External Intelligence Integrations
 discussion: |
-  Integration with external intelligence systems _MUST_ be disabled unless approved by the organiztion. Disabling external intelligence integration will mitigate the risk of data being sent to unapproved third party.
+  Integration with external intelligence systems _MUST_ be disabled unless approved by the organization. Disabling external intelligence integration will mitigate the risk of data being sent to unapproved third party.

  The information system _MUST_ be configured to provide only essential capabilities.
 check: |
@@ -35,7 +35,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - N/A
+      - 2.5.1.1 (level 1)
    controls v8:
      - 4.1
      - 4.8
@@ -58,6 +58,8 @@ tags:
  - cnssi-1253_low
  - cnssi-1253_high
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 severity: medium
 mobileconfig: true
 mobileconfig_info:
--- a/rules/system_settings/system_settings_external_intelligence_sign_in_disable.yaml
+++ b/rules/system_settings/system_settings_external_intelligence_sign_in_disable.yaml
@@ -35,7 +35,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - N/A
+      - 2.5.1.1 (level 1)
    controls v8:
      - 4.1
      - 4.8
@@ -58,6 +58,8 @@ tags:
  - cnssi-1253_low
  - cnssi-1253_high
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 severity: medium
 mobileconfig: true
 mobileconfig_info:
--- a/rules/system_settings/system_settings_guest_access_smb_disable.yaml
+++ b/rules/system_settings/system_settings_guest_access_smb_disable.yaml
@@ -32,7 +32,7 @@ references:
    - N/A
  cis:
    benchmark:
-      - 2.12.2 (level 1)
+      - 2.13.2 (level 1)
    controls v8:
      - 3.3
  cmmc:
--- a/rules/system_settings/system_settings_guest_account_disable.yaml
+++ b/rules/system_settings/system_settings_guest_account_disable.yaml
@@ -42,7 +42,7 @@ references:
    - 03.01.01
  cis:
    benchmark:
-      - 2.12.1 (level 1)
+      - 2.13.1 (level 1)
    controls v8:
      - 5.2
      - 6.2
--- a/rules/system_settings/system_settings_improve_search_disable.yaml
+++ b/rules/system_settings/system_settings_improve_search_disable.yaml
@@ -38,7 +38,7 @@ references:
    - APPL-15-002024
  cis:
    benchmark:
-      - N/A
+      - 2.9.1 (level 1)
    controls v8:
      - 4.1
      - 4.8
@@ -63,6 +63,8 @@ tags:
  - cmmc_lvl1
  - stig
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2
 severity: medium
 mobileconfig: true
 mobileconfig_info:
--- a/rules/system_settings/system_settings_internet_sharing_disable.yaml
+++ b/rules/system_settings/system_settings_internet_sharing_disable.yaml
@@ -33,7 +33,7 @@ references:
    - 03.01.20
  cis:
    benchmark:
-      - 2.3.3.8 (level 1)
+      - 2.3.3.7 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml
+++ b/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml
@@ -28,7 +28,7 @@ references:
    - N/A
  cis:
    benchmark:
-      - 2.10.3 (level 1)
+      - 2.11.3 (level 1)
    controls v8:
      - 4.1
 macOS:
--- a/rules/system_settings/system_settings_loginwindow_prompt_username_password_enforce.yaml
+++ b/rules/system_settings/system_settings_loginwindow_prompt_username_password_enforce.yaml
@@ -30,7 +30,7 @@ references:
    - 03.05.01
  cis:
    benchmark:
-      - 2.10.4 (level 1)
+      - 2.11.4 (level 1)
    controls v8:
      - 4.1
  cmmc:
--- a/rules/system_settings/system_settings_media_sharing_disabled.yaml
+++ b/rules/system_settings/system_settings_media_sharing_disabled.yaml
@@ -43,7 +43,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.10 (level 2)
+      - 2.3.3.9 (level 2)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_password_hints_disable.yaml
+++ b/rules/system_settings/system_settings_password_hints_disable.yaml
@@ -30,7 +30,7 @@ references:
    - 03.05.11
  cis:
    benchmark:
-      - 2.10.5 (level 1)
+      - 2.11.5 (level 1)
    controls v8:
      - 4.1
  cmmc:
--- a/rules/system_settings/system_settings_printer_sharing_disable.yaml
+++ b/rules/system_settings/system_settings_printer_sharing_disable.yaml
@@ -31,7 +31,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.4 (level 1)
+      - 2.3.3.3 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_rae_disable.yaml
+++ b/rules/system_settings/system_settings_rae_disable.yaml
@@ -36,7 +36,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.7 (level 1)
+      - 2.3.3.6 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_remote_management_disable.yaml
+++ b/rules/system_settings/system_settings_remote_management_disable.yaml
@@ -31,7 +31,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.6 (level 1)
+      - 2.3.3.5 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_screen_sharing_disable.yaml
+++ b/rules/system_settings/system_settings_screen_sharing_disable.yaml
@@ -34,7 +34,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.2 (level 1)
+      - 2.3.3.1 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml
+++ b/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml
@@ -37,7 +37,7 @@ references:
    - 03.01.10
  cis:
    benchmark:
-      - 2.10.2 (level 1)
+      - 2.11.2 (level 1)
    controls v8:
      - 4.7
  cmmc:
--- a/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml
+++ b/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml
@@ -39,7 +39,7 @@ references:
    - 03.05.01
  cis:
    benchmark:
-      - 2.10.1 (level 1)
+      - 2.11.1 (level 1)
    controls v8:
      - 4.3
  cmmc:
--- a/rules/system_settings/system_settings_siri_disable.yaml
+++ b/rules/system_settings/system_settings_siri_disable.yaml
@@ -38,7 +38,7 @@ references:
    - 03.04.08
  cis:
    benchmark:
-      - N/A
+      - 2.5.2.1 (level 1)
    controls v8:
      - 4.1
      - 4.8
@@ -63,6 +63,8 @@ tags:
  - cmmc_lvl1
  - stig
  - cnssi-1253_moderate
+  - cis_lvl1
+  - cis_lvl2  
 severity: medium
 mobileconfig: true
 mobileconfig_info:
--- a/rules/system_settings/system_settings_siri_listen_disable.yaml
+++ b/rules/system_settings/system_settings_siri_listen_disable.yaml
@@ -26,15 +26,13 @@ references:
    - N/A
  cis:
    benchmark:
-      - 2.5.2 (level 1)
+      - N/A
    controls v8:
      - 4.1
      - 4.8
 macOS:
  - "15.0"
 tags:
-  - cis_lvl1
-  - cis_lvl2
  - cisv8
 mobileconfig: true
 mobileconfig_info:
--- a/rules/system_settings/system_settings_smbd_disable.yaml
+++ b/rules/system_settings/system_settings_smbd_disable.yaml
@@ -33,7 +33,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.3 (level 1)
+      - 2.3.3.2 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_ssh_disable.yaml
+++ b/rules/system_settings/system_settings_ssh_disable.yaml
@@ -35,7 +35,7 @@ references:
    - 03.04.06
  cis:
    benchmark:
-      - 2.3.3.5 (level 1)
+      - 2.3.3.4 (level 1)
    controls v8:
      - 4.1
      - 4.8
--- a/rules/system_settings/system_settings_wake_network_access_disable.yaml
+++ b/rules/system_settings/system_settings_wake_network_access_disable.yaml
@@ -28,7 +28,7 @@ references:
    - N/A
  cis:
    benchmark:
-      - 2.9.3 (level 1)
+      - 2.10.3 (level 1)
    controls v8:
      - 4.8
 macOS:
--- a/templates/adoc_additional_docs.adoc
+++ b/templates/adoc_additional_docs.adoc
@@ -64,5 +64,5 @@ ASSOCIATED DOCUMENTS
 |===
 |Document Number or Descriptor
 |Document Title
-|link:https://www.cisecurity.org/benchmark/apple_os/[Apple macOS 14.0]|_CIS Apple macOS 14.0 Benchmark version 1.1.0_
+|link:https://www.cisecurity.org/benchmark/apple_os/[Apple macOS 15.0]|_CIS Apple macOS 15.0 Benchmark version 1.1.0_
 |===