usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-06-10 19:10:30 +01:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Merge pull request #644 from root3nl/ios_26
Some checks failed
Spell Check / spellcheck (push) Has been cancelled
Details

Browse Source 
NLMAPGOV for iOS/iPadOS 26
This commit is contained in:
Bob Gendler
2026-03-26 12:18:00 -04:00
committed by GitHub
parent 249e4db1b7 7add53f768
commit 10230e0115
44 changed files with 347 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
baselines/nlmapgov_base.yaml Normal file
View File

@@ -0,0 +1,24 @@
title: "iOS/iPadOS 26.0: Security Configuration - NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base)"
description: |
This guide describes the actions to take when securing a iOS/iPadOS 26.0 system against the NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base) security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |
*macOS Security Compliance Project*
|===
|Jordy Witteman|Root3
|Aron van den Herik|Root3
|===
parent_values: "nlmapgov_base"
profile:
- section: "ios"
rules:
- os_background_security_improvement_install_enable
- os_force_date_and_time_enable
- os_software_update_download_enforce
- os_software_update_install_enforce
- os_supervised_mdm_require
- section: "passwordpolicy"
rules:
- pwpolicy_force_pin_enable

57
baselines/nlmapgov_plus.yaml Normal file
View File

@@ -0,0 +1,57 @@
title: "iOS/iPadOS 26.0: Security Configuration - NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus)"
description: |
This guide describes the actions to take when securing a iOS/iPadOS 26.0 system against the NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus) security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |
*macOS Security Compliance Project*
|===
|Jordy Witteman|Root3
|Aron van den Herik|Root3
|===
parent_values: "nlmapgov_plus"
profile:
- section: "icloud"
rules:
- icloud_keychain_disable
- icloud_managed_apps_store_data_disabled
- section: "ios"
rules:
- os_airdrop_unmanaged_destination_enable
- os_allow_documents_managed_sources_unmanaged_destinations_disable
- os_apple_watch_wrist_detection_enable
- os_authentication_password_autofill_enable
- os_background_security_improvement_install_enable
- os_background_security_improvement_removal_disable
- os_diagnostics_reports_disable
- os_disallow_enterprise_app_trust
- os_external_intelligence_integration_sign_in_disable
- os_force_date_and_time_enable
- os_force_encrypted_backups_enable
- os_install_configuration_profile_disable
- os_install_vpn_configuration_disable
- os_iphone_mirroring_disable
- os_limit_ad_tracking_enable
- os_mail_maildrop_disable
- os_mail_move_messages_disable
- os_marketplace_prevent
- os_on_device_dictation_enforce
- os_on_device_translation_enforce
- os_personalized_advertising_disable
- os_require_managed_pasteboard_enforce
- os_safari_cookies_set
- os_safari_force_fraud_warning_enable
- os_software_update_download_enforce
- os_software_update_install_enforce
- os_ssl_for_exchange_activesync_enable
- os_supervised_mdm_require
- os_unpaired_boot_disable
- os_untrusted_tls_disable
- os_usb_accessories_when_locked_disable
- os_web_distribution_app_installation_disable
- section: "passwordpolicy"
rules:
- pwpolicy_force_pin_enable
- pwpolicy_minimum_length_enforce
- pwpolicy_simple_sequence_disable

15
includes/mscp-data.yaml
View File

@@ -104,7 +104,15 @@ authors:
names:
- Henry Stamerjohann|Declarative IT GmbH
- Allen Golbig|Jamf
- Bob Gendler|National Institute of Standards and Technology
- Bob Gendler|National Institute of Standards and Technology
nlmapgov_base:
names:
- Jordy Witteman|Root3
- Aron van den Herik|Root3
nlmapgov_plus:
names:
- Jordy Witteman|Root3
- Aron van den Herik|Root3
titles:
all_rules: All Rules
800-53r5_high: NIST SP 800-53 Rev 5 High Impact
@@ -118,6 +126,9 @@ titles:
ios_stig: Apple iOS/iPadOS 26 STIG - Ver 1, Rel 1
indigo_base: BSI indigo iOS 26.x Base Configuration
indigo_high: BSI indigo iOS 26.x High Configuration
nlmapgov_base: NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base)
nlmapgov_plus: NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus)
ddm:
supported_types: []
supported_types:
- com.apple.configuration.softwareupdate.settings
services: []

3
rules/icloud/icloud_keychain_disable.yaml
View File

@@ -32,6 +32,8 @@ references:
- 4.1
- 4.8
- 15.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -48,6 +50,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/icloud/icloud_managed_apps_store_data_disabled.yaml
View File

@@ -31,6 +31,8 @@ references:
- 3.2.1.7 (level 1 - Institutionally-Owned Devices)
controls v8:
- 2.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -49,6 +51,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_airdrop_unmanaged_destination_enable.yaml
View File

@@ -31,6 +31,8 @@ references:
- 3.2.1.23 (level 1 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -49,6 +51,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_allow_documents_managed_sources_unmanaged_destinations_disable.yaml
View File

@@ -30,6 +30,8 @@ references:
- 3.2.1.21 (level 1 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -48,6 +50,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_apple_watch_wrist_detection_enable.yaml
View File

@@ -24,6 +24,8 @@ references:
- 3.2.1.27 (level 1 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -40,6 +42,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: low
supervised: false
mobileconfig: true

3
rules/os/os_authentication_password_autofill_enable.yaml
View File

@@ -24,6 +24,8 @@ references:
- 3.2.1.26 (level 1 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.27
iOS:
- "26.0"
tags:
@@ -38,6 +40,7 @@ tags:
- cnssi-1253_moderate
- cnssi-1253_low
- cnssi-1253_high
- nlmapgov_plus
supervised: true
mobileconfig: true
mobileconfig_info:

24
rules/os/os_background_security_improvement_install_enable.yaml Normal file
View File

@@ -0,0 +1,24 @@
id: os_background_security_improvement_install_enable
title: Enforce Background Security Improvements are Automatically Installed using DDM.
discussion: |
Background Security Improments _MUST_ be configured to enforce automatic installation and that the user cannot modify the setting within Settings.
check: " "
fix: |
This is implemented by Declarative Device Management (DDM).
references:
bio:
- 8.08
iOS:
- "26.0"
tags:
- ios
- nlmapgov_base
- nlmapgov_plus
supervised: true
mobileconfig: false
mobileconfig_info:
ddm_info:
declarationtype: com.apple.configuration.softwareupdate.settings
ddm_key: RapidSecurityResponse
ddm_value:
Enable: true

23
rules/os/os_background_security_improvement_removal_disable.yaml Normal file
View File

@@ -0,0 +1,23 @@
id: os_background_security_improvement_removal_disable
title: Disable rollback of Background Security Improvements using DDM.
discussion: |
The ability for the user to roll back Background Security Improvements _MUST_ be disabled.
check: " "
fix: |
This is implemented by Declarative Device Management (DDM).
references:
bio:
- 8.08
iOS:
- "26.0"
tags:
- ios
- nlmapgov_plus
supervised: true
mobileconfig: false
mobileconfig_info:
ddm_info:
declarationtype: com.apple.configuration.softwareupdate.settings
ddm_key: RapidSecurityResponse
ddm_value:
EnableRollback: false

3
rules/os/os_diagnostics_reports_disable.yaml
View File

@@ -28,6 +28,8 @@ references:
- 3.2.1.25 (level 1 - Institutionally-Owned Devices)
controls v8:
- 4.8
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -46,6 +48,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_disallow_enterprise_app_trust.yaml
View File

@@ -22,6 +22,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.27
iOS:
- '26.0'
tags:
@@ -35,6 +37,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: low
supervised: false
mobileconfig: true

4
rules/os/os_external_intelligence_integration_sign_in_disable.yaml
View File

@@ -30,6 +30,9 @@ references:
- 15.3
indigo:
- ANNEX K
bio:
- 8.12
- 8.12.01
iOS:
- '26.0'
tags:
@@ -45,6 +48,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: true
mobileconfig: true

4
rules/os/os_force_date_and_time_enable.yaml
View File

@@ -25,6 +25,8 @@ references:
- 3.2.1.17 (level 1 - Institutionally-Owned Devices)
controls v8:
- 8.4
bio:
- 8.17
iOS:
- "26.0"
tags:
@@ -42,6 +44,8 @@ tags:
- cnssi-1253_moderate
- cnssi-1253_low
- cnssi-1253_high
- nlmapgov_base
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

3
rules/os/os_force_encrypted_backups_enable.yaml
View File

@@ -30,6 +30,8 @@ references:
- 3.2.1.10 (level 1 - Institutionally-Owned Devices)
controls v8:
- 11.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -48,6 +50,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_install_configuration_profile_disable.yaml
View File

@@ -27,6 +27,8 @@ references:
- 3.2.1.15 (level 1 - Institutionally-Owned Devices)
controls v8:
- 4.1
bio:
- 8.27
iOS:
- '26.0'
tags:
@@ -40,6 +42,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: true
mobileconfig: true

3
rules/os/os_install_vpn_configuration_disable.yaml
View File

@@ -29,6 +29,8 @@ references:
- 3.2.1.16 (level 1 - Institutionally-Owned Devices)
controls v8:
- 12.7
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -45,6 +47,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: low
supervised: true
mobileconfig: true

3
rules/os/os_iphone_mirroring_disable.yaml
View File

@@ -21,6 +21,8 @@ references:
- ANNEX K
disa_stig:
- AIOS-26-015800
bio:
- 8.12
iOS:
- "26.0"
tags:
@@ -31,6 +33,7 @@ tags:
- cnssi-1253_moderate
- cnssi-1253_low
- cnssi-1253_high
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

3
rules/os/os_limit_ad_tracking_enable.yaml
View File

@@ -30,6 +30,8 @@ references:
- N/A
controls v8:
- 4.8
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -43,6 +45,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: low
supervised: false
mobileconfig: true

3
rules/os/os_mail_maildrop_disable.yaml
View File

@@ -30,6 +30,8 @@ references:
- 3.7.2 (level 2 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -46,6 +48,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_mail_move_messages_disable.yaml
View File

@@ -30,6 +30,8 @@ references:
- 3.7.1 (level 1 - Institutionally-Owned Devices)
controls v8:
- 3.3
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -48,6 +50,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_marketplace_prevent.yaml
View File

@@ -18,6 +18,8 @@ references:
- AIOS-26-014900
indigo:
- ANNEX K
bio:
- 8.27
iOS:
- '26.0'
tags:
@@ -31,6 +33,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: true
mobileconfig: true

3
rules/os/os_on_device_dictation_enforce.yaml
View File

@@ -29,6 +29,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -42,6 +44,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_on_device_translation_enforce.yaml
View File

@@ -29,6 +29,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -42,6 +44,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_personalized_advertising_disable.yaml
View File

@@ -28,6 +28,8 @@ references:
- 3.2.1.11 (level 1 - Institutionally-Owned Devices)
controls v8:
- 4.8
bio:
- 8.12
iOS:
- "26.0"
tags:
@@ -44,6 +46,7 @@ tags:
- cnssi-1253_moderate
- cnssi-1253_low
- cnssi-1253_high
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

3
rules/os/os_require_managed_pasteboard_enforce.yaml
View File

@@ -28,6 +28,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -38,6 +40,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/os/os_safari_cookies_set.yaml
View File

@@ -24,6 +24,8 @@ references:
- 3.2.2.2 (level 1 - Institutionally-Owned Devices)
controls v8:
- 9.4
bio:
- 8.27
iOS:
- "26.0"
tags:
@@ -34,6 +36,7 @@ tags:
- cis_lvl2_enterprise
- cisv8
- indigo_high
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

3
rules/os/os_safari_force_fraud_warning_enable.yaml
View File

@@ -24,6 +24,8 @@ references:
- 3.2.2.1 (level 1 - Institutionally-Owned Devices)
controls v8:
- 9.4
bio:
- 8.27
iOS:
- "26.0"
tags:
@@ -34,6 +36,7 @@ tags:
- cis_lvl2_enterprise
- cisv8
- indigo_high
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

24
rules/os/os_software_update_download_enforce.yaml Normal file
View File

@@ -0,0 +1,24 @@
id: os_software_update_download_enforce
title: Enforce Software Update Downloads Automatically using DDM.
discussion: |
Software Update _MUST_ be configured to enforce automatic downloads of updates from Apple and that the user cannot modify the setting within Settings.
check: " "
fix: |
This is implemented by Declarative Device Management (DDM).
references:
bio:
- 8.08
iOS:
- "26.0"
tags:
- ios
- nlmapgov_base
- nlmapgov_plus
supervised: true
mobileconfig: false
mobileconfig_info:
ddm_info:
declarationtype: com.apple.configuration.softwareupdate.settings
ddm_key: AutomaticActions
ddm_value:
Download: AlwaysOn

24
rules/os/os_software_update_install_enforce.yaml Normal file
View File

@@ -0,0 +1,24 @@
id: os_software_update_install_enforce
title: Enforce iOS/iPadOS Updates are Automatically Installed using DDM.
discussion: |
Software Update _MUST_ be configured to enforce automatic installation of iOS/iPadOS updates and that the user cannot modify the setting within Settings.
check: " "
fix: |
This is implemented by Declarative Device Management (DDM).
references:
bio:
- 8.08
iOS:
- "26.0"
tags:
- ios
- nlmapgov_base
- nlmapgov_plus
supervised: true
mobileconfig: false
mobileconfig_info:
ddm_info:
declarationtype: com.apple.configuration.softwareupdate.settings
ddm_key: AutomaticActions
ddm_value:
InstallOSUpdates: AlwaysOn

3
rules/os/os_ssl_for_exchange_activesync_enable.yaml
View File

@@ -23,6 +23,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.12
iOS:
- '26.0'
tags:
@@ -30,6 +32,7 @@ tags:
- indigo_base
- indigo_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

5
rules/os/os_supervised_mdm_require.yaml
View File

@@ -24,6 +24,9 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.09
- 8.18
iOS:
- '26.0'
tags:
@@ -36,6 +39,8 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_base
- nlmapgov_plus
severity: medium
mobileconfig: false
mobileconfig_info: null

3
rules/os/os_unpaired_boot_disable.yaml
View File

@@ -12,12 +12,15 @@ references:
- N/A
indigo:
- ANNEX K
bio:
- 8.27
iOS:
- "26.0"
tags:
- ios
- indigo_base
- indigo_high
- nlmapgov_plus
supervised: true
mobileconfig: true
mobileconfig_info:

3
rules/os/os_untrusted_tls_disable.yaml
View File

@@ -24,6 +24,8 @@ references:
- 3.2.1.13 (level 2 - Institutionally-Owned Devices)
controls v8:
- 4.1
bio:
- 8.27
iOS:
- "26.0"
tags:
@@ -32,6 +34,7 @@ tags:
- cis_lvl2_enterprise
- cisv8
- indigo_high
- nlmapgov_plus
supervised: false
mobileconfig: true
mobileconfig_info:

3
rules/os/os_usb_accessories_when_locked_disable.yaml
View File

@@ -28,6 +28,8 @@ references:
- 3.2.1.19 (level 1 - Institutionally-Owned Devices)
controls v8:
- 1.2
bio:
- 8.27
iOS:
- '26.0'
tags:
@@ -44,6 +46,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: true
mobileconfig: true

3
rules/os/os_web_distribution_app_installation_disable.yaml
View File

@@ -18,6 +18,8 @@ references:
- 'FMT_SMF_EXT.1.1 #3'
disa_stig:
- AIOS-26-015000
bio:
- 8.27
iOS:
- '26.0'
tags:
@@ -31,6 +33,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

4
rules/pwpolicy/pwpolicy_force_pin_enable.yaml
View File

@@ -25,6 +25,8 @@ references:
- N/A
controls v8:
- N/A
bio:
- 8.24
iOS:
- '26.0'
tags:
@@ -35,6 +37,8 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_base
- nlmapgov_plus
severity: high
mobileconfig: 'true'
mobileconfig_info:

4
rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml
View File

@@ -27,6 +27,8 @@ references:
- 3.4.3 (level 1 - Institutionally-Owned Devices)
controls v8:
- 5.2
bio:
- 5.17
iOS:
- '26.0'
odv:
@@ -40,6 +42,7 @@ odv:
ios_stig_byoad: 6
indigo_base: 8
indigo_high: 8
nlmapgov_plus: 6
tags:
- ios
- 800-53r5_low
@@ -56,6 +59,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

3
rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml
View File

@@ -27,6 +27,8 @@ references:
- 3.4.1 (level 1 - Institutionally-Owned Devices)
controls v8:
- 5.2
bio:
- 5.17
iOS:
- '26.0'
tags:
@@ -45,6 +47,7 @@ tags:
- cnssi-1253_low
- cnssi-1253_high
- ios_stig
- nlmapgov_plus
severity: medium
supervised: false
mobileconfig: true

48
scripts/generate_guidance.py
View File

@@ -42,6 +42,7 @@ class MacSecurityRule:
cis,
cmmc,
indigo,
bio,
custom_refs,
odv,
tags,
@@ -66,6 +67,7 @@ class MacSecurityRule:
self.rule_cis = cis
self.rule_cmmc = cmmc
self.rule_indigo = indigo
self.rule_bio = bio
self.rule_custom_refs = custom_refs
self.rule_odv = odv
self.rule_result_value = result_value
@@ -90,6 +92,7 @@ class MacSecurityRule:
rule_cis=self.rule_cis,
rule_cmmc=self.rule_cmmc,
rule_indigo=self.rule_indigo,
rule_bio=self.rule_bio,
rule_srg=self.rule_srg,
rule_result=self.rule_result_value,
)
@@ -1771,9 +1774,10 @@ def generate_xls(baseline_name, build_path, baseline_yaml):
sheet1.write(0, 14, "CIS v8", headers)
sheet1.write(0, 15, "CMMC", headers)
sheet1.write(0, 16, "indigo", headers)
sheet1.write(0, 17, "CCI", headers)
sheet1.write(0, 18, "Severity", headers)
sheet1.write(0, 19, "Modified Rule", headers)
sheet1.write(0, 17, "BIO", headers)
sheet1.write(0, 18, "CCI", headers)
sheet1.write(0, 19, "Severity", headers)
sheet1.write(0, 20, "Modified Rule", headers)
sheet1.set_panes_frozen(True)
sheet1.set_horz_split_pos(1)
sheet1.set_vert_split_pos(2)
@@ -1883,11 +1887,17 @@ def generate_xls(baseline_name, build_path, baseline_yaml):
sheet1.write(counter, 16, indigo_refs, topWrap)
sheet1.col(16).width = 500 * 15
bio_refs = (str(rule.rule_bio)).strip("[]'")
bio_refs = bio_refs.replace(", ", "\n").replace("'", "")
sheet1.write(counter, 17, bio_refs, topWrap)
sheet1.col(17).width = 500 * 15
cci = (str(rule.rule_cci)).strip("[]'")
cci = cci.replace(", ", "\n").replace("'", "")
sheet1.write(counter, 17, cci, topWrap)
sheet1.col(17).width = 400 * 15
sheet1.write(counter, 18, cci, topWrap)
sheet1.col(18).width = 400 * 15
# determine severity
# uses 'parent_values' from baseline.yaml file to determine which/if any severity to use
@@ -1901,14 +1911,14 @@ def generate_xls(baseline_name, build_path, baseline_yaml):
elif isinstance(rule.rule_severity, str):
severity = f"{rule.rule_severity}"
sheet1.write(counter, 18, severity, topWrap)
sheet1.col(18).width = 400 * 15
sheet1.write(counter, 19, severity, topWrap)
sheet1.col(19).width = 400 * 15
customized = (str(rule.rule_customized)).strip("[]'")
customized = customized.replace(", ", "\n").replace("'", "")
sheet1.write(counter, 19, customized, topWrap)
sheet1.col(19).width = 400 * 15
sheet1.write(counter, 20, customized, topWrap)
sheet1.col(20).width = 400 * 15
if rule.rule_custom_refs != ["None"]:
for title, ref in rule.rule_custom_refs.items():
@@ -1958,6 +1968,7 @@ def create_rules(baseline_yaml):
"cis",
"cmmc",
"indigo",
"bio",
"srg",
"sfr",
"custom",
@@ -2011,6 +2022,7 @@ def create_rules(baseline_yaml):
rule_yaml["references"]["cis"],
rule_yaml["references"]["cmmc"],
rule_yaml["references"]["indigo"],
rule_yaml["references"]["bio"],
rule_yaml["references"]["custom"],
rule_yaml["odv"],
rule_yaml["tags"],
@@ -2360,6 +2372,11 @@ def main():
else:
adoc_171_show = ":show_171!:"
if "NLMAPGOV" in baseline_yaml["title"].upper():
adoc_BIO_show = ":show_BIO:"
else:
adoc_BIO_show = ":show_BIO!:"
if args.gary:
adoc_tag_show = ":show_tags:"
adoc_STIG_show = ":show_STIG:"
@@ -2367,6 +2384,7 @@ def main():
adoc_cmmc_show = ":show_CMMC:"
adoc_indigo_show = ":show_indigo:"
adoc_171_show = ":show_171:"
adoc_BIO_show = ":show_BIO:"
else:
adoc_tag_show = ":show_tags!:"
@@ -2395,6 +2413,7 @@ def main():
cis_attribute=adoc_cis_show,
cmmc_attribute=adoc_cmmc_show,
indigo_attribute=adoc_indigo_show,
bio_attribute=adoc_BIO_show,
version=version_yaml["version"],
os_version=version_yaml["os"],
release_date=version_yaml["date"],
@@ -2531,6 +2550,13 @@ def main():
else:
indigo = ulify(rule_yaml["references"]["indigo"])
try:
rule_yaml["references"]["bio"]
except KeyError:
bio = ""
else:
bio = ulify(rule_yaml["references"]["bio"])
try:
rule_yaml["references"]["srg"]
except KeyError:
@@ -2644,6 +2670,7 @@ def main():
rule_cis=cis,
rule_cmmc=cmmc,
rule_indigo=indigo,
rule_bio=bio,
rule_cce=cce,
rule_custom_refs=custom_refs,
rule_tags=tags,
@@ -2665,6 +2692,7 @@ def main():
rule_cis=cis,
rule_cmmc=cmmc,
rule_indigo=indigo,
rule_bio=bio,
rule_cce=cce,
rule_tags=tags,
rule_srg=srg,
@@ -2688,6 +2716,7 @@ def main():
rule_cis=cis,
rule_cmmc=cmmc,
rule_indigo=indigo,
rule_bio=bio,
rule_cce=cce,
rule_tags=tags,
rule_srg=srg,
@@ -2709,6 +2738,7 @@ def main():
rule_cis=cis,
rule_cmmc=cmmc,
rule_indigo=indigo,
rule_bio=bio,
rule_cce=cce,
rule_tags=tags,
rule_srg=srg,

9
templates/adoc_additional_docs.adoc
View File

@@ -57,6 +57,15 @@ ASSOCIATED DOCUMENTS
|link:https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/Zulassung/mobile_Kommunikation/mobileKommunikation_node.html#doc919528bodyText2[indigo]|_indigo iOS 26.0.1 and iPadOS 26.0.1 Version 1.4_
|===
[%header, cols=2*a]
.Baseline Informatiebeveiliging Overheid (BIO)
|===
|Document Number or Descriptor
|Document Title
|link:https://www.bio-overheid.nl/category/producten/bio[BIO]|_Baseline Informatiebeveiliging Overheid (BIO)_
|link:https://github.com/MinBZK/Baseline-Informatiebeveiliging-Overheid[BIO2 GitHub Repository]|_BIO2 GitHub Repository_
|===
=== Non-Government Documents
[%header, cols=2*a]
.Apple

1
templates/adoc_header.adoc
View File

@@ -22,6 +22,7 @@ $stig_attribute
$cis_attribute
$cmmc_attribute
$indigo_attribute
$bio_attribute
:version: $version ($release_date)
:os: $os_version
:proj-title: $html_header_title

4
templates/adoc_rule.adoc
View File

@@ -59,6 +59,10 @@ ifdef::show_indigo[]
!$rule_indigo
endif::[]
ifdef::show_BIO[]
!BIO
!$rule_bio
endif::[]
!CCE
!$rule_cce