diff --git a/rules/audit/audit_acls_files_configure.yaml b/rules/audit/audit_acls_files_configure.yaml index 0211cd2b..ad9a4b8a 100644 --- a/rules/audit/audit_acls_files_configure.yaml +++ b/rules/audit/audit_acls_files_configure.yaml @@ -26,9 +26,10 @@ references: - AU-9 - SI-11 srg: - - N/A + - SRG-OS-000057-GPOS-00027 + - SRG-OS-000206-GPOS-00084 disa_stig: - - N/A + - APPL-12-000030 800-171r2: - 3.3.8 macOS: @@ -42,6 +43,7 @@ tags: - 800-53r5_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_acls_folders_configure.yaml b/rules/audit/audit_acls_folders_configure.yaml index ef58e730..9689363a 100644 --- a/rules/audit/audit_acls_folders_configure.yaml +++ b/rules/audit/audit_acls_folders_configure.yaml @@ -23,9 +23,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-000031 800-171r2: - 3.3.8 macOS: @@ -39,6 +39,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_auditd_enabled.yaml b/rules/audit/audit_auditd_enabled.yaml index 9fb99ced..a55e9152 100644 --- a/rules/audit/audit_auditd_enabled.yaml +++ b/rules/audit/audit_auditd_enabled.yaml @@ -54,9 +54,22 @@ references: - AU-12(3) - AU-14(1) srg: - - N/A + - SRG-OS-000037-GPOS-00015 + - SRG-OS-000038-GPOS-00016 + - SRG-OS-000039-GPOS-00017 + - SRG-OS-000040-GPOS-00018 + - SRG-OS-000041-GPOS-00019 + - SRG-OS-000042-GPOS-00020 + - SRG-OS-000042-GPOS-00021 + - SRG-OS-000055-GPOS-00026 + - SRG-OS-000254-GPOS-00095 + - SRG-OS-000255-GPOS-00096 + - SRG-OS-000303-GPOS-00120 + - SRG-OS-000337-GPOS-00129 + - SRG-OS-000358-GPOS-00145 + - SRG-OS-000359-GPOS-00146 disa_stig: - - N/A + - APPL-12-001003 800-171r2: - 3.3.1 - 3.3.2 @@ -76,6 +89,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_configure_capacity_notify.yaml b/rules/audit/audit_configure_capacity_notify.yaml index 8ff583de..b8885938 100644 --- a/rules/audit/audit_configure_capacity_notify.yaml +++ b/rules/audit/audit_configure_capacity_notify.yaml @@ -23,14 +23,15 @@ references: 800-53r4: - AU-5(1) srg: - - N/A + - SRG-OS-000343-GPOS-00134 disa_stig: - - N/A + - APPL-12-001030 macOS: - "12.0" tags: - 800-53r5_high - 800-53r4_high + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_failure_halt.yaml b/rules/audit/audit_failure_halt.yaml index ab64fff6..3cc79085 100644 --- a/rules/audit/audit_failure_halt.yaml +++ b/rules/audit/audit_failure_halt.yaml @@ -23,9 +23,9 @@ references: 800-53r4: - AU-5 srg: - - N/A + - SRG-OS-000047-GPOS-00023 disa_stig: - - N/A + - APPL-12-001010 800-171r2: - 3.3.4 macOS: @@ -39,6 +39,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_files_group_configure.yaml b/rules/audit/audit_files_group_configure.yaml index 128b4599..cb0c3dec 100644 --- a/rules/audit/audit_files_group_configure.yaml +++ b/rules/audit/audit_files_group_configure.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-001014 800-171r2: - 3.3.8 macOS: @@ -41,6 +41,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_files_mode_configure.yaml b/rules/audit/audit_files_mode_configure.yaml index d5595049..cb2588f3 100644 --- a/rules/audit/audit_files_mode_configure.yaml +++ b/rules/audit/audit_files_mode_configure.yaml @@ -21,9 +21,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-001016 800-171r2: - 3.3.8 macOS: @@ -37,6 +37,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_files_owner_configure.yaml b/rules/audit/audit_files_owner_configure.yaml index 0bdcfcd1..7b70d89e 100644 --- a/rules/audit/audit_files_owner_configure.yaml +++ b/rules/audit/audit_files_owner_configure.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-001012 800-171r2: - 3.3.8 macOS: @@ -41,6 +41,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_aa_configure.yaml b/rules/audit/audit_flags_aa_configure.yaml index 9754e640..9d4d374e 100644 --- a/rules/audit/audit_flags_aa_configure.yaml +++ b/rules/audit/audit_flags_aa_configure.yaml @@ -31,9 +31,12 @@ references: - AU-12 - MA-4(1) srg: - - N/A + - SRG-OS-000470-GPOS-00214 + - SRG-OS-000472-GPOS-00217 + - SRG-OS-000473-GPOS-00218 + - SRG-OS-000475-GPOS-00220 disa_stig: - - N/A + - APPL-12-001044 800-171r2: - 3.3.1 - 3.3.2 @@ -54,6 +57,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_ad_configure.yaml b/rules/audit/audit_flags_ad_configure.yaml index 0a22abc7..056d7063 100644 --- a/rules/audit/audit_flags_ad_configure.yaml +++ b/rules/audit/audit_flags_ad_configure.yaml @@ -45,9 +45,18 @@ references: - AU-12 - MA-4(1) srg: - - N/A + - SRG-OS-000004-GPOS-00004 + - SRG-OS-000239-GPOS-00089 + - SRG-OS-000240-GPOS-00090 + - SRG-OS-000241-GPOS-00091 + - SRG-OS-000327-GPOS-00127 + - SRG-OS-000392-GPOS-00172 + - SRG-OS-000471-GPOS-00215 + - SRG-OS-000471-GPOS-00216 + - SRG-OS-000476-GPOS-00221 + - SRG-OS-000477-GPOS-00222 disa_stig: - - N/A + - APPL-12-001001 800-171r2: - 3.1.7 - 3.3.1 @@ -69,6 +78,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_fd_configure.yaml b/rules/audit/audit_flags_fd_configure.yaml index 742ae0a4..bcd01d44 100644 --- a/rules/audit/audit_flags_fd_configure.yaml +++ b/rules/audit/audit_flags_fd_configure.yaml @@ -37,9 +37,18 @@ references: - CM-5(1) - MA-4(1) srg: - - N/A + - SRG-OS-000064-GPOS-00033 + - SRG-OS-000365-GPOS-00152 + - SRG-OS-000458-GPOS-00203 + - SRG-OS-000461-GPOS-00205 + - SRG-OS-000463-GPOS-00207 + - SRG-OS-000465-GPOS-00209 + - SRG-OS-000466-GPOS-00210 + - SRG-OS-000467-GPOS-00211 + - SRG-OS-000468-GPOS-00212 + - SRG-OS-000474-GPOS-00219 disa_stig: - - N/A + - APPL-12-001020 800-171r2: - N/A cisv8: @@ -54,6 +63,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_fm_configure.yaml b/rules/audit/audit_flags_fm_configure.yaml index 7bc34da8..f1b458f8 100644 --- a/rules/audit/audit_flags_fm_configure.yaml +++ b/rules/audit/audit_flags_fm_configure.yaml @@ -37,9 +37,18 @@ references: - CM-5(1) - MA-4(1) srg: - - N/A + - SRG-OS-000064-GPOS-00033 + - SRG-OS-000365-GPOS-00152 + - SRG-OS-000458-GPOS-00203 + - SRG-OS-000461-GPOS-00205 + - SRG-OS-000463-GPOS-00207 + - SRG-OS-000465-GPOS-00209 + - SRG-OS-000466-GPOS-00210 + - SRG-OS-000467-GPOS-00211 + - SRG-OS-000468-GPOS-00212 + - SRG-OS-000474-GPOS-00219 disa_stig: - - N/A + - APPL-12-001020 800-171r2: - N/A cisv8: @@ -51,6 +60,7 @@ macOS: tags: - stig - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_fm_failed_configure.yaml b/rules/audit/audit_flags_fm_failed_configure.yaml index d5ffe8d9..94cdec89 100644 --- a/rules/audit/audit_flags_fm_failed_configure.yaml +++ b/rules/audit/audit_flags_fm_failed_configure.yaml @@ -37,7 +37,7 @@ references: - MA-4(1) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.3.1 diff --git a/rules/audit/audit_flags_fr_configure.yaml b/rules/audit/audit_flags_fr_configure.yaml index a054a5b4..d2db251c 100644 --- a/rules/audit/audit_flags_fr_configure.yaml +++ b/rules/audit/audit_flags_fr_configure.yaml @@ -37,9 +37,18 @@ references: - CM-5(1) - MA-4(1) srg: - - N/A + - SRG-OS-000064-GPOS-00033 + - SRG-OS-000365-GPOS-00152 + - SRG-OS-000458-GPOS-00203 + - SRG-OS-000461-GPOS-00205 + - SRG-OS-000463-GPOS-00207 + - SRG-OS-000465-GPOS-00209 + - SRG-OS-000466-GPOS-00210 + - SRG-OS-000467-GPOS-00211 + - SRG-OS-000468-GPOS-00212 + - SRG-OS-000474-GPOS-00219 disa_stig: - - N/A + - APPL-12-001020 800-171r2: - 3.3.1 - 3.3.2 @@ -61,6 +70,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_fw_configure.yaml b/rules/audit/audit_flags_fw_configure.yaml index f638b800..3d2d8223 100644 --- a/rules/audit/audit_flags_fw_configure.yaml +++ b/rules/audit/audit_flags_fw_configure.yaml @@ -36,9 +36,18 @@ references: - CM-5(1) - MA-4(1) srg: - - N/A + - SRG-OS-000064-GPOS-00033 + - SRG-OS-000365-GPOS-00152 + - SRG-OS-000458-GPOS-00203 + - SRG-OS-000461-GPOS-00205 + - SRG-OS-000463-GPOS-00207 + - SRG-OS-000465-GPOS-00209 + - SRG-OS-000466-GPOS-00210 + - SRG-OS-000467-GPOS-00211 + - SRG-OS-000468-GPOS-00212 + - SRG-OS-000474-GPOS-00219 disa_stig: - - N/A + - APPL-12-001020 800-171r2: - 3.3.1 - 3.3.2 @@ -60,6 +69,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_flags_lo_configure.yaml b/rules/audit/audit_flags_lo_configure.yaml index 34453690..85967d67 100644 --- a/rules/audit/audit_flags_lo_configure.yaml +++ b/rules/audit/audit_flags_lo_configure.yaml @@ -33,9 +33,10 @@ references: - AU-12 - MA-4(1) srg: - - N/A + - SRG-OS-000032-GPOS-00013 + - SRG-OS-000462-GPOS-00206 disa_stig: - - N/A + - APPL-12-001002 800-171r2: - 3.1.12 - 3.3.1 @@ -57,6 +58,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_folder_group_configure.yaml b/rules/audit/audit_folder_group_configure.yaml index d0aefb04..6fd2285d 100644 --- a/rules/audit/audit_folder_group_configure.yaml +++ b/rules/audit/audit_folder_group_configure.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-001015 800-171r2: - 3.3.8 macOS: @@ -41,6 +41,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_folder_owner_configure.yaml b/rules/audit/audit_folder_owner_configure.yaml index afbc5db8..be0a6c21 100644 --- a/rules/audit/audit_folder_owner_configure.yaml +++ b/rules/audit/audit_folder_owner_configure.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 disa_stig: - - N/A + - APPL-12-001013 800-171r2: - 3.3.8 macOS: @@ -41,6 +41,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_folders_mode_configure.yaml b/rules/audit/audit_folders_mode_configure.yaml index 07e3bb46..d6307f93 100644 --- a/rules/audit/audit_folders_mode_configure.yaml +++ b/rules/audit/audit_folders_mode_configure.yaml @@ -25,9 +25,11 @@ references: 800-53r4: - AU-9 srg: - - N/A + - SRG-OS-000057-GPOS-00027 + - SRG-OS-000058-GPOS-00028 + - SRG-OS-000059-GPOS-00029 disa_stig: - - N/A + - APPL-12-001017 800-171r2: - 3.3.8 macOS: @@ -41,6 +43,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_retention_configure.yaml b/rules/audit/audit_retention_configure.yaml index 0a39cd57..682af429 100644 --- a/rules/audit/audit_retention_configure.yaml +++ b/rules/audit/audit_retention_configure.yaml @@ -25,12 +25,9 @@ references: - AU-4 - AU-11 srg: - - N/A + - SRG-OS-000341-GPOS-00132 disa_stig: - - N/A - cisv8: - - 8.3 - - 8.1 + - APPL-12-001029 macOS: - "12.0" tags: @@ -43,6 +40,7 @@ tags: - 800-53r5_high - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/audit/audit_settings_failure_notify.yaml b/rules/audit/audit_settings_failure_notify.yaml index f57d376e..712cabab 100644 --- a/rules/audit/audit_settings_failure_notify.yaml +++ b/rules/audit/audit_settings_failure_notify.yaml @@ -25,9 +25,9 @@ references: - AU-5 - AU-5(2) srg: - - N/A + - SRG-OS-000344-GPOS-00135 disa_stig: - - N/A + - APPL-12-001031 800-171r2: - 3.3.4 macOS: @@ -38,6 +38,7 @@ tags: - 800-53r4_high - 800-53r5_high - 800-171 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/auth/auth_pam_login_smartcard_enforce.yaml b/rules/auth/auth_pam_login_smartcard_enforce.yaml index f407d867..9b5c4e4f 100644 --- a/rules/auth/auth_pam_login_smartcard_enforce.yaml +++ b/rules/auth/auth_pam_login_smartcard_enforce.yaml @@ -49,9 +49,9 @@ references: - IA-2(4) - IA-5(11) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-003050 800-171r2: - 3.5.3 cisv8: @@ -70,6 +70,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/auth/auth_pam_su_smartcard_enforce.yaml b/rules/auth/auth_pam_su_smartcard_enforce.yaml index 5199a699..3c0c14c8 100644 --- a/rules/auth/auth_pam_su_smartcard_enforce.yaml +++ b/rules/auth/auth_pam_su_smartcard_enforce.yaml @@ -44,9 +44,9 @@ references: - IA-2(4) - IA-5(11) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-003051 800-171r2: - 3.5.3 cisv8: @@ -65,6 +65,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/auth/auth_pam_sudo_smartcard_enforce.yaml b/rules/auth/auth_pam_sudo_smartcard_enforce.yaml index 4ed3ba99..a5145cc0 100644 --- a/rules/auth/auth_pam_sudo_smartcard_enforce.yaml +++ b/rules/auth/auth_pam_sudo_smartcard_enforce.yaml @@ -43,9 +43,9 @@ references: - IA-2(4) - IA-5(11) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-003052 800-171r2: - 3.5.3 cisv8: @@ -64,6 +64,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/auth/auth_smartcard_certificate_trust_enforce_high.yaml b/rules/auth/auth_smartcard_certificate_trust_enforce_high.yaml index 2bd446bd..f5df6074 100644 --- a/rules/auth/auth_smartcard_certificate_trust_enforce_high.yaml +++ b/rules/auth/auth_smartcard_certificate_trust_enforce_high.yaml @@ -27,7 +27,7 @@ references: - IA-5(2) srg: - N/A - disa_stig: + disa_stig: - N/A macOS: - "12.0" diff --git a/rules/auth/auth_smartcard_certificate_trust_enforce_moderate.yaml b/rules/auth/auth_smartcard_certificate_trust_enforce_moderate.yaml index 7bc3074f..fd3f05cb 100644 --- a/rules/auth/auth_smartcard_certificate_trust_enforce_moderate.yaml +++ b/rules/auth/auth_smartcard_certificate_trust_enforce_moderate.yaml @@ -31,7 +31,7 @@ references: - IA-5(2) srg: - N/A - disa_stig: + disa_stig: - APPL-12-XXXXXX macOS: - "12.0" diff --git a/rules/auth/auth_smartcard_enforce.yaml b/rules/auth/auth_smartcard_enforce.yaml index a0f8caf8..aed86806 100644 --- a/rules/auth/auth_smartcard_enforce.yaml +++ b/rules/auth/auth_smartcard_enforce.yaml @@ -42,9 +42,11 @@ references: - IA-5(2) - IA-5(11) srg: - - N/A + - SRG-OS-000107-GPOS-00054 + - SRG-OS-000108-GPOS-00055 + - SRG-OS-000068-GPOS-00036 disa_stig: - - N/A + - APPL-12-003020 800-171r2: - 3.5.1 - 3.5.2 @@ -65,6 +67,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "high" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_addressbook_disable.yaml b/rules/icloud/icloud_addressbook_disable.yaml index fa467da3..782aa7bd 100644 --- a/rules/icloud/icloud_addressbook_disable.yaml +++ b/rules/icloud/icloud_addressbook_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002014 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_appleid_prefpane_disable.yaml b/rules/icloud/icloud_appleid_prefpane_disable.yaml index 2aa1ca6e..2e6c177e 100644 --- a/rules/icloud/icloud_appleid_prefpane_disable.yaml +++ b/rules/icloud/icloud_appleid_prefpane_disable.yaml @@ -26,9 +26,9 @@ references: - AC-20 - AC-20(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000370-GPOS-00155 + disa_stig: + - APPL-12-002031 800-171r2: - 3.1.20 - 3.4.6 @@ -47,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "high" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_bookmarks_disable.yaml b/rules/icloud/icloud_bookmarks_disable.yaml index 62a6f061..b886828a 100644 --- a/rules/icloud/icloud_bookmarks_disable.yaml +++ b/rules/icloud/icloud_bookmarks_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002042 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_calendar_disable.yaml b/rules/icloud/icloud_calendar_disable.yaml index c8c06ff3..cb826dc5 100644 --- a/rules/icloud/icloud_calendar_disable.yaml +++ b/rules/icloud/icloud_calendar_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002012 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_drive_disable.yaml b/rules/icloud/icloud_drive_disable.yaml index c99985d4..2a3b5866 100644 --- a/rules/icloud/icloud_drive_disable.yaml +++ b/rules/icloud/icloud_drive_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002041 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_keychain_disable.yaml b/rules/icloud/icloud_keychain_disable.yaml index fa648805..68b7eddb 100644 --- a/rules/icloud/icloud_keychain_disable.yaml +++ b/rules/icloud/icloud_keychain_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002040 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_mail_disable.yaml b/rules/icloud/icloud_mail_disable.yaml index 842a139f..e3cc43ea 100644 --- a/rules/icloud/icloud_mail_disable.yaml +++ b/rules/icloud/icloud_mail_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002015 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_notes_disable.yaml b/rules/icloud/icloud_notes_disable.yaml index f09c04bd..9202516e 100644 --- a/rules/icloud/icloud_notes_disable.yaml +++ b/rules/icloud/icloud_notes_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002016 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_photos_disable.yaml b/rules/icloud/icloud_photos_disable.yaml index 6e7735cc..5d8c79fb 100644 --- a/rules/icloud/icloud_photos_disable.yaml +++ b/rules/icloud/icloud_photos_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002043 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_reminders_disable.yaml b/rules/icloud/icloud_reminders_disable.yaml index fc59d0b4..4423b4ef 100644 --- a/rules/icloud/icloud_reminders_disable.yaml +++ b/rules/icloud/icloud_reminders_disable.yaml @@ -28,9 +28,10 @@ references: - AC-20 - AC-20(1) srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002013 800-171r2: - 3.1.20 - 3.4.6 @@ -50,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_airdrop_disable.yaml b/rules/os/os_airdrop_disable.yaml index 15c214d9..779a91d0 100644 --- a/rules/os/os_airdrop_disable.yaml +++ b/rules/os/os_airdrop_disable.yaml @@ -26,9 +26,9 @@ references: - AC-3 - AC-20 srg: - - N/A + - SRG-OS-000095-GPOS-00049 disa_stig: - - N/A + - APPL-12-002009 800-171r2: - 3.1.1 - 3.1.2 @@ -51,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_anti_virus_installed.yaml b/rules/os/os_anti_virus_installed.yaml index bf015028..6e89266f 100644 --- a/rules/os/os_anti_virus_installed.yaml +++ b/rules/os/os_anti_virus_installed.yaml @@ -19,13 +19,14 @@ references: 800-53r4: - SI-2 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-002070 macOS: - "12.0" tags: - manual + - stig severity: "high" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_appleid_prompt_disable.yaml b/rules/os/os_appleid_prompt_disable.yaml index eeb9bdb2..a1b41461 100644 --- a/rules/os/os_appleid_prompt_disable.yaml +++ b/rules/os/os_appleid_prompt_disable.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-20 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002035 800-171r2: - 3.1.20 cisv8: @@ -40,6 +40,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_asl_log_files_owner_group_configure.yaml b/rules/os/os_asl_log_files_owner_group_configure.yaml index 8683137b..7c054ed4 100644 --- a/rules/os/os_asl_log_files_owner_group_configure.yaml +++ b/rules/os/os_asl_log_files_owner_group_configure.yaml @@ -23,9 +23,9 @@ references: 800-53r4: - SI-11 srg: - - N/A + - SRG-OS-000206-GPOS-00084 disa_stig: - - N/A + - APPL-12-004001 800-171r2: - N/A macOS: @@ -33,6 +33,7 @@ macOS: tags: - 800-53r5_moderate - 800-53r5_high + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_asl_log_files_permissions_configure.yaml b/rules/os/os_asl_log_files_permissions_configure.yaml index c556e28e..55ec4bd0 100644 --- a/rules/os/os_asl_log_files_permissions_configure.yaml +++ b/rules/os/os_asl_log_files_permissions_configure.yaml @@ -21,9 +21,9 @@ references: 800-53r4: - SI-11 srg: - - N/A + - SRG-OS-000206-GPOS-00084 disa_stig: - - N/A + - APPL-12-004002 800-171r2: - N/A macOS: @@ -31,6 +31,7 @@ macOS: tags: - 800-53r5_moderate - 800-53r5_high + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_bonjour_disable.yaml b/rules/os/os_bonjour_disable.yaml index c6b2ad77..8dff409c 100644 --- a/rules/os/os_bonjour_disable.yaml +++ b/rules/os/os_bonjour_disable.yaml @@ -20,9 +20,9 @@ references: - CM-7 - CM-7(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002005 800-171r2: - 3.4.6 cisv8: @@ -40,6 +40,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_camera_disable.yaml b/rules/os/os_camera_disable.yaml index 3fb18df0..93eb4cc2 100644 --- a/rules/os/os_camera_disable.yaml +++ b/rules/os/os_camera_disable.yaml @@ -20,13 +20,15 @@ references: 800-53r4: - N/A srg: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 disa_stig: - - N/A + - APPL-12-002017 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_certificate_authority_trust.yaml b/rules/os/os_certificate_authority_trust.yaml index e1ced382..ce581234 100644 --- a/rules/os/os_certificate_authority_trust.yaml +++ b/rules/os/os_certificate_authority_trust.yaml @@ -18,10 +18,8 @@ references: - SC-17 800-53r4: - SC-17 - disa_stig: - - N/A - srg: - - N/A + disa_stig: + - APPL-12-003001 macOS: - "12.0" tags: @@ -31,6 +29,7 @@ tags: - 800-53r4_high - cnssi-1253 - manual + - stig severity: "high" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_directory_services_configured.yaml b/rules/os/os_directory_services_configured.yaml index 57f10e7c..8bd40f8b 100644 --- a/rules/os/os_directory_services_configured.yaml +++ b/rules/os/os_directory_services_configured.yaml @@ -20,15 +20,14 @@ references: 800-53r4: - N/A srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A - cisv8: - - 6.7 + - APPL-12-000016 macOS: - "12.0" tags: - cisv8 + - stig severity: "high" mobileconfig: mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_ess_installed.yaml b/rules/os/os_ess_installed.yaml index 57384efc..5fe7045d 100644 --- a/rules/os/os_ess_installed.yaml +++ b/rules/os/os_ess_installed.yaml @@ -19,19 +19,15 @@ references: 800-53r4: - SI-2(2) srg: - - N/A - disa_stig: - - N/A - cisv8: - - 10.1 - - 10.2 - - 10.6 - - 10.7 + - SRG-OS-000191-GPOS-00080 + disa_stig: + - APPL-12-000015 macOS: - "12.0" tags: - manual - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_filevault_authorized_users.yaml b/rules/os/os_filevault_authorized_users.yaml index a78d98b4..c0ac40c4 100644 --- a/rules/os/os_filevault_authorized_users.yaml +++ b/rules/os/os_filevault_authorized_users.yaml @@ -23,14 +23,15 @@ references: 800-53r4: - N/A srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A + - APPL-12-000032 macOS: - "12.0" tags: - 800-53r5_high - manual + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_filevault_autologin_disable.yaml b/rules/os/os_filevault_autologin_disable.yaml index 510645fe..44a23f43 100644 --- a/rules/os/os_filevault_autologin_disable.yaml +++ b/rules/os/os_filevault_autologin_disable.yaml @@ -24,11 +24,9 @@ references: - AC-3 - IA-5(13) srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A - cci: - - CCI-002143 + - APPL-12-000033 800-171r2: - 3.1.1 - 3.1.2 @@ -47,6 +45,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_firewall_log_enable.yaml b/rules/os/os_firewall_log_enable.yaml index 8901cd7f..9adfa794 100644 --- a/rules/os/os_firewall_log_enable.yaml +++ b/rules/os/os_firewall_log_enable.yaml @@ -25,7 +25,7 @@ references: - AU-12 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.3.1 diff --git a/rules/os/os_firmware_password_require.yaml b/rules/os/os_firmware_password_require.yaml index e7de701d..be1a79f6 100644 --- a/rules/os/os_firmware_password_require.yaml +++ b/rules/os/os_firmware_password_require.yaml @@ -32,9 +32,9 @@ references: 800-53r4: - AC-6 srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A + - APPL-12-003013 800-171r2: - 3.1.5 macOS: @@ -47,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - i386 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_gatekeeper_enable.yaml b/rules/os/os_gatekeeper_enable.yaml index 2cad2a91..6c3883de 100644 --- a/rules/os/os_gatekeeper_enable.yaml +++ b/rules/os/os_gatekeeper_enable.yaml @@ -32,9 +32,9 @@ references: - SI-3 - SI-7(15) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000366-GPOS-00153 + disa_stig: + - APPL-12-002064 800-171r2: - 3.4.5 cisv8: @@ -52,6 +52,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "high" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_gatekeeper_rearm.yaml b/rules/os/os_gatekeeper_rearm.yaml index 587219c4..b4875cbf 100644 --- a/rules/os/os_gatekeeper_rearm.yaml +++ b/rules/os/os_gatekeeper_rearm.yaml @@ -20,7 +20,7 @@ references: - SI-3 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.4.5 diff --git a/rules/os/os_home_folders_secure.yaml b/rules/os/os_home_folders_secure.yaml index 3addf698..7d483baa 100644 --- a/rules/os/os_home_folders_secure.yaml +++ b/rules/os/os_home_folders_secure.yaml @@ -27,9 +27,10 @@ references: 800-53r4: - AC-6 srg: - - N/A + - SRG-OS-000480-GPOS-00228 + - SRG-OS-000480-GPOS-00230 disa_stig: - - N/A + - APPL-12-002068 800-171r2: - 3.1.5 macOS: @@ -41,6 +42,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_httpd_disable.yaml b/rules/os/os_httpd_disable.yaml index 87e2c063..ccd431e6 100644 --- a/rules/os/os_httpd_disable.yaml +++ b/rules/os/os_httpd_disable.yaml @@ -24,9 +24,9 @@ references: 800-53r4: - AC-3 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002008 800-171r2: - 3.1.1 - 3.1.2 @@ -45,6 +45,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_icloud_storage_prompt_disable.yaml b/rules/os/os_icloud_storage_prompt_disable.yaml index 977dca7c..ce79973c 100644 --- a/rules/os/os_icloud_storage_prompt_disable.yaml +++ b/rules/os/os_icloud_storage_prompt_disable.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-20 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002037 800-171r2: - 3.1.20 cisv8: @@ -40,6 +40,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_internet_accounts_prefpane_disable.yaml b/rules/os/os_internet_accounts_prefpane_disable.yaml index 09f146c8..da81d744 100644 --- a/rules/os/os_internet_accounts_prefpane_disable.yaml +++ b/rules/os/os_internet_accounts_prefpane_disable.yaml @@ -26,9 +26,10 @@ references: - AC-20 - CM-7(5) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000370-GPOS-00155 + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002032 800-171r2: - 3.1.20 cisv8: @@ -46,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_ir_support_disable.yaml b/rules/os/os_ir_support_disable.yaml index bcfd551a..0ab5c6b2 100644 --- a/rules/os/os_ir_support_disable.yaml +++ b/rules/os/os_ir_support_disable.yaml @@ -27,7 +27,7 @@ references: - AC-18 srg: - N/A - disa_stig: + disa_stig: - AOSX-13-000075 800-171r2: - 3.1.16 diff --git a/rules/os/os_newsyslog_files_owner_group_configure.yaml b/rules/os/os_newsyslog_files_owner_group_configure.yaml index c9886100..f878723a 100644 --- a/rules/os/os_newsyslog_files_owner_group_configure.yaml +++ b/rules/os/os_newsyslog_files_owner_group_configure.yaml @@ -23,9 +23,9 @@ references: 800-53r4: - SI-11 srg: - - N/A + - SRG-OS-000206-GPOS-00084 disa_stig: - - N/A + - APPL-12-004001 800-171r2: - N/A macOS: @@ -33,6 +33,7 @@ macOS: tags: - 800-53r5_moderate - 800-53r5_high + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_newsyslog_files_permissions_configure.yaml b/rules/os/os_newsyslog_files_permissions_configure.yaml index ccb066b1..9993eb92 100644 --- a/rules/os/os_newsyslog_files_permissions_configure.yaml +++ b/rules/os/os_newsyslog_files_permissions_configure.yaml @@ -22,9 +22,9 @@ references: 800-53r4: - SI-11 srg: - - N/A + - SRG-OS-000206-GPOS-00084 disa_stig: - - N/A + - APPL-12-004002 800-171r2: - N/A macOS: @@ -32,6 +32,7 @@ macOS: tags: - 800-53r5_moderate - 800-53r5_high + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_nfsd_disable.yaml b/rules/os/os_nfsd_disable.yaml index 61f07e7b..c4d9ef48 100644 --- a/rules/os/os_nfsd_disable.yaml +++ b/rules/os/os_nfsd_disable.yaml @@ -23,9 +23,9 @@ references: 800-53r4: - AC-3 srg: - - N/A + - SRG-OS-000095-GPOS-00049 disa_stig: - - N/A + - APPL-12-002003 800-171r2: - 3.1.1 - 3.1.2 @@ -44,6 +44,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_parental_controls_enable.yaml b/rules/os/os_parental_controls_enable.yaml index 66661689..e954d830 100644 --- a/rules/os/os_parental_controls_enable.yaml +++ b/rules/os/os_parental_controls_enable.yaml @@ -24,7 +24,7 @@ references: - CM-7(2) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.4.7 diff --git a/rules/os/os_policy_banner_loginwindow_enforce.yaml b/rules/os/os_policy_banner_loginwindow_enforce.yaml index f09a8067..3fb6954c 100644 --- a/rules/os/os_policy_banner_loginwindow_enforce.yaml +++ b/rules/os/os_policy_banner_loginwindow_enforce.yaml @@ -40,9 +40,11 @@ references: 800-53r4: - AC-8 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000023-GPOS-00006 + - SRG-OS-000024-GPOS-00007 + - SRG-OS-000228-GPOS-00088 + disa_stig: + - APPL-12-000025 800-171r2: - 3.1.9 macOS: @@ -56,6 +58,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_policy_banner_ssh_configure.yaml b/rules/os/os_policy_banner_ssh_configure.yaml index 1a6d58ab..b1f3ef59 100644 --- a/rules/os/os_policy_banner_ssh_configure.yaml +++ b/rules/os/os_policy_banner_ssh_configure.yaml @@ -27,15 +27,16 @@ references: 800-53r4: - AC-8 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000023-GPOS-00006 + disa_stig: + - APPL-12-000023 800-171r2: - 3.1.9 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_policy_banner_ssh_enforce.yaml b/rules/os/os_policy_banner_ssh_enforce.yaml index 5719e540..572e26f3 100644 --- a/rules/os/os_policy_banner_ssh_enforce.yaml +++ b/rules/os/os_policy_banner_ssh_enforce.yaml @@ -28,15 +28,17 @@ references: 800-53r4: - AC-8 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000023-GPOS-00006 + - SRG-OS-000024-GPOS-00007 + disa_stig: + - APPL-12-000024 800-171r2: - 3.1.9 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_privacy_setup_prompt_disable.yaml b/rules/os/os_privacy_setup_prompt_disable.yaml index d5d669c4..2a0dab88 100644 --- a/rules/os/os_privacy_setup_prompt_disable.yaml +++ b/rules/os/os_privacy_setup_prompt_disable.yaml @@ -22,17 +22,15 @@ references: - CM-7 - CM-7(1) srg: - - N/A - disa_stig: - - N/A - cisv8: - - 4.1 - - 4.8 + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002036 macOS: - "12.0" tags: - none - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_removable_media_disable.yaml b/rules/os/os_removable_media_disable.yaml index 396ee8e5..191f65f8 100644 --- a/rules/os/os_removable_media_disable.yaml +++ b/rules/os/os_removable_media_disable.yaml @@ -26,7 +26,7 @@ references: - MP-7(1) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.8.8 diff --git a/rules/os/os_screensaver_loginwindow_enforce.yaml b/rules/os/os_screensaver_loginwindow_enforce.yaml index f704e321..eb9dad5a 100644 --- a/rules/os/os_screensaver_loginwindow_enforce.yaml +++ b/rules/os/os_screensaver_loginwindow_enforce.yaml @@ -18,9 +18,9 @@ references: 800-53r4: - AC-11(1) srg: - - N/A + - SRG-OS-000031-GPOS-00012 disa_stig: - - N/A + - APPL-12-000006 800-171r2: - 3.1.10 macOS: @@ -32,6 +32,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_sip_enable.yaml b/rules/os/os_sip_enable.yaml index 10461fb0..2dd7e23b 100644 --- a/rules/os/os_sip_enable.yaml +++ b/rules/os/os_sip_enable.yaml @@ -55,9 +55,23 @@ references: - CM-5 - SC-4 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000051-GPOS-00024 + - SRG-OS-000054-GPOS-00025 + - SRG-OS-000062-GPOS-00031 + - SRG-OS-000122-GPOS-00063 + - SRG-OS-000256-GPOS-00097 + - SRG-OS-000257-GPOS-00098 + - SRG-OS-000258-GPOS-00099 + - SRG-OS-000259-GPOS-00100 + - SRG-OS-000348-GPOS-00136 + - SRG-OS-000349-GPOS-00137 + - SRG-OS-000350-GPOS-00138 + - SRG-OS-000351-GPOS-00139 + - SRG-OS-000352-GPOS-00140 + - SRG-OS-000353-GPOS-00141 + - SRG-OS-000354-GPOS-00142 + disa_stig: + - APPL-12-005001 800-171r2: - 3.1.1 - 3.1.2 @@ -81,6 +95,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_siri_prompt_disable.yaml b/rules/os/os_siri_prompt_disable.yaml index 5c6aaa36..ddaa7f58 100644 --- a/rules/os/os_siri_prompt_disable.yaml +++ b/rules/os/os_siri_prompt_disable.yaml @@ -25,9 +25,10 @@ references: - CM-7(1) - AC-20 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 + disa_stig: + - APPL-12-002039 800-171r2: - 3.1.20 - 3.4.6 @@ -46,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_skip_unlock_with_watch_enable.yaml b/rules/os/os_skip_unlock_with_watch_enable.yaml index d49beb71..7417e709 100644 --- a/rules/os/os_skip_unlock_with_watch_enable.yaml +++ b/rules/os/os_skip_unlock_with_watch_enable.yaml @@ -21,7 +21,7 @@ references: - AC-20 srg: - SRG-OS-000095-GPOS-00049 - disa_stig: + disa_stig: - APPL-12-005056 800-171r2: - 3.1.20 diff --git a/rules/os/os_ssh_fips_compliant.yaml b/rules/os/os_ssh_fips_compliant.yaml index 4d0be812..8205d769 100644 --- a/rules/os/os_ssh_fips_compliant.yaml +++ b/rules/os/os_ssh_fips_compliant.yaml @@ -54,7 +54,7 @@ references: - SC-13 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.13 diff --git a/rules/os/os_ssh_server_alive_count_max_configure.yaml b/rules/os/os_ssh_server_alive_count_max_configure.yaml index de677457..e196534f 100644 --- a/rules/os/os_ssh_server_alive_count_max_configure.yaml +++ b/rules/os/os_ssh_server_alive_count_max_configure.yaml @@ -24,7 +24,7 @@ references: - SC-10 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.13.9 diff --git a/rules/os/os_ssh_server_alive_interval_configure.yaml b/rules/os/os_ssh_server_alive_interval_configure.yaml index 9053e5f0..0b776351 100644 --- a/rules/os/os_ssh_server_alive_interval_configure.yaml +++ b/rules/os/os_ssh_server_alive_interval_configure.yaml @@ -27,7 +27,7 @@ references: - SC-10 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.13.9 diff --git a/rules/os/os_sshd_client_alive_count_max_configure.yaml b/rules/os/os_sshd_client_alive_count_max_configure.yaml index 9b4ec791..548a2726 100644 --- a/rules/os/os_sshd_client_alive_count_max_configure.yaml +++ b/rules/os/os_sshd_client_alive_count_max_configure.yaml @@ -23,15 +23,16 @@ references: 800-53r4: - SC-10 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000163-GPOS-00072 + disa_stig: + - APPL-12-000052 800-171r2: - 3.13.9 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_sshd_client_alive_interval_configure.yaml b/rules/os/os_sshd_client_alive_interval_configure.yaml index 18fce9cb..66c15b34 100644 --- a/rules/os/os_sshd_client_alive_interval_configure.yaml +++ b/rules/os/os_sshd_client_alive_interval_configure.yaml @@ -26,15 +26,16 @@ references: 800-53r4: - SC-10 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000163-GPOS-00072 + disa_stig: + - APPL-12-000051 800-171r2: - 3.13.9 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_sshd_fips_compliant.yaml b/rules/os/os_sshd_fips_compliant.yaml index 373db873..0820e07d 100644 --- a/rules/os/os_sshd_fips_compliant.yaml +++ b/rules/os/os_sshd_fips_compliant.yaml @@ -53,7 +53,7 @@ references: - MA-4(6) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.13 diff --git a/rules/os/os_sshd_key_exchange_algorithm_configure.yaml b/rules/os/os_sshd_key_exchange_algorithm_configure.yaml index d98bbc92..579fb45d 100644 --- a/rules/os/os_sshd_key_exchange_algorithm_configure.yaml +++ b/rules/os/os_sshd_key_exchange_algorithm_configure.yaml @@ -37,15 +37,21 @@ references: - AC-17(2) - MA-4(6) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000033-GPOS-00014 + - SRG-OS-000120-GPOS-00061 + - SRG-OS-000125-GPOS-00065 + - SRG-OS-000250-GPOS-00093 + - SRG-OS-000393-GPOS-00173 + - SRG-OS-000394-GPOS-00174 + disa_stig: + - APPL-12-000056 800-171r2: - N/A macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_sshd_login_grace_time_configure.yaml b/rules/os/os_sshd_login_grace_time_configure.yaml index a2b8168e..fa41d557 100644 --- a/rules/os/os_sshd_login_grace_time_configure.yaml +++ b/rules/os/os_sshd_login_grace_time_configure.yaml @@ -23,15 +23,16 @@ references: 800-53r4: - SC-10 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000163-GPOS-00072 + disa_stig: + - APPL-12-000053 800-171r2: - 3.13.9 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_sshd_permit_root_login_configure.yaml b/rules/os/os_sshd_permit_root_login_configure.yaml index 4d44b685..c2ae676a 100644 --- a/rules/os/os_sshd_permit_root_login_configure.yaml +++ b/rules/os/os_sshd_permit_root_login_configure.yaml @@ -25,13 +25,14 @@ references: 800-53r4: - IA-2(5) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000109-GPOS-00056 + disa_stig: + - APPL-12-001100 macOS: - "12.0" tags: - none + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_sudoers_tty_configure.yaml b/rules/os/os_sudoers_tty_configure.yaml index 7687d449..15bd907e 100644 --- a/rules/os/os_sudoers_tty_configure.yaml +++ b/rules/os/os_sudoers_tty_configure.yaml @@ -24,9 +24,9 @@ references: 800-53r4: - IA-11 srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A + - APPL-12-004021 macOS: - "12.0" tags: @@ -34,6 +34,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cnssi-1253 + - stig severity: "high" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_tftpd_disable.yaml b/rules/os/os_tftpd_disable.yaml index 9a735f5b..a6985a8e 100644 --- a/rules/os/os_tftpd_disable.yaml +++ b/rules/os/os_tftpd_disable.yaml @@ -29,9 +29,9 @@ references: - AC-3 - IA-5(1) srg: - - N/A + - SRG-OS-000074-GPOS-00042 disa_stig: - - N/A + - APPL-12-002038 800-171r2: - 3.1.1 - 3.1.2 @@ -51,6 +51,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "high" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/os/os_time_server_enabled.yaml b/rules/os/os_time_server_enabled.yaml index 9d41d2a5..019d76f5 100644 --- a/rules/os/os_time_server_enabled.yaml +++ b/rules/os/os_time_server_enabled.yaml @@ -25,9 +25,10 @@ references: 800-53r4: - AU-8(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000355-GPOS-00143 + - SRG-OS-000356-GPOS-00144 + disa_stig: + - APPL-12-000014 800-171r2: - 3.3.7 cisv8: @@ -43,6 +44,7 @@ tags: - 800-53r4_moderate - 800-53r4_high - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_touchid_prompt_disable.yaml b/rules/os/os_touchid_prompt_disable.yaml index 7df5b269..cfd2ca5b 100644 --- a/rules/os/os_touchid_prompt_disable.yaml +++ b/rules/os/os_touchid_prompt_disable.yaml @@ -21,7 +21,7 @@ references: - CM-6 srg: - SRG-OS-000095-GPOS-00049 - disa_stig: + disa_stig: - APPL-12-005054 800-171r2: - 3.4.1 diff --git a/rules/os/os_uucp_disable.yaml b/rules/os/os_uucp_disable.yaml index 2ee40966..96a1c680 100644 --- a/rules/os/os_uucp_disable.yaml +++ b/rules/os/os_uucp_disable.yaml @@ -27,9 +27,9 @@ references: 800-53r4: - AC-3 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002006 800-171r2: - 3.1.1 - 3.1.2 @@ -49,6 +49,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/pwpolicy/pwpolicy_60_day_enforce.yaml b/rules/pwpolicy/pwpolicy_60_day_enforce.yaml index 9a44432c..b190d79f 100644 --- a/rules/pwpolicy/pwpolicy_60_day_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_60_day_enforce.yaml @@ -23,9 +23,9 @@ references: - IA-5 - IA-5(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000076-GPOS-00044 + disa_stig: + - APPL-12-003008 800-171r2: - 3.5.1 - 3.5.2 @@ -47,6 +47,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml b/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml index 678dae8d..f7617265 100644 --- a/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml @@ -45,7 +45,7 @@ references: - IA-4 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.5.5 diff --git a/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml b/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml index 164a84c5..88173244 100644 --- a/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-7 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000329-GPOS-00128 + disa_stig: + - APPL-12-000022 800-171r2: - 3.1.8 cisv8: @@ -39,6 +39,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml b/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml index bc92b833..197bc877 100644 --- a/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-7 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000329-GPOS-00128 + disa_stig: + - APPL-12-000022 800-171r2: - 3.1.8 cisv8: @@ -39,6 +39,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml b/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml index 2ba366f9..7890375a 100644 --- a/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml @@ -23,9 +23,9 @@ references: - IA-5 - IA-5(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000071-GPOS-00039 + disa_stig: + - APPL-12-003007 800-171r2: - 3.5.1 - 3.5.2 @@ -47,6 +47,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_history_enforce.yaml b/rules/pwpolicy/pwpolicy_history_enforce.yaml index 09aac667..0f300cf3 100644 --- a/rules/pwpolicy/pwpolicy_history_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_history_enforce.yaml @@ -24,9 +24,9 @@ references: 800-53r4: - IA-5(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000077-GPOS-00045 + disa_stig: + - APPL-12-003009 800-171r2: - 3.5.7 - 3.5.8 @@ -46,6 +46,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml b/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml index 43693760..dcf65a3a 100644 --- a/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml @@ -46,7 +46,7 @@ references: 800-53r4: - IA-5 - IA-5(1) - disa_stig: + disa_stig: - N/A srg: - N/A diff --git a/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml b/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml index b6bb32e2..71d29774 100644 --- a/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml @@ -23,9 +23,9 @@ references: - IA-5 - IA-5(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000078-GPOS-00046 + disa_stig: + - APPL-12-003010 800-171r2: - 3.5.1 - 3.5.2 @@ -47,6 +47,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml b/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml index 2ef25f10..3a361e99 100644 --- a/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml @@ -45,7 +45,7 @@ references: - IA-5 800-53r4: - IA-5(1) - disa_stig: + disa_stig: - N/A srg: - N/A diff --git a/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml b/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml index 3a41ce18..6928f45d 100644 --- a/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml +++ b/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml @@ -24,7 +24,7 @@ references: - IA-5(1) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.5.1 diff --git a/rules/pwpolicy/pwpolicy_special_character_enforce.yaml b/rules/pwpolicy/pwpolicy_special_character_enforce.yaml index 9d9923a2..dd8a174a 100644 --- a/rules/pwpolicy/pwpolicy_special_character_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_special_character_enforce.yaml @@ -25,9 +25,9 @@ references: - IA-5 - IA-5(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000266-GPOS-00101 + disa_stig: + - APPL-12-003011 800-171r2: - 3.5.1 - 3.5.2 @@ -49,6 +49,7 @@ tags: - 800-53r5_moderate - 800-53r5_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_temporary_or_emergency_accounts_disable.yaml b/rules/pwpolicy/pwpolicy_temporary_or_emergency_accounts_disable.yaml index 0b9be9dd..9b3dc3f3 100644 --- a/rules/pwpolicy/pwpolicy_temporary_or_emergency_accounts_disable.yaml +++ b/rules/pwpolicy/pwpolicy_temporary_or_emergency_accounts_disable.yaml @@ -65,9 +65,10 @@ references: 800-53r4: - AC-2(2) srg: - - N/A + - SRG-OS-000002-GPOS-00002 + - SRG-OS-000123-GPOS-00064 disa_stig: - - N/A + - APPL-12-000012 macOS: - "12.0" tags: @@ -76,6 +77,7 @@ tags: - 800-53r4_moderate - 800-53r4_high - manual + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml b/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml index 4590872b..6e6ec014 100644 --- a/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml @@ -46,7 +46,7 @@ references: 800-53r4: - IA-5 - IA-5(1) - disa_stig: + disa_stig: - N/A srg: - N/A diff --git a/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml b/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml index ce2a4692..076eb6d2 100644 --- a/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml +++ b/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml @@ -24,7 +24,7 @@ references: - N/A srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.4.6 diff --git a/rules/sysprefs/sysprefs_apple_watch_unlock_disable.yaml b/rules/sysprefs/sysprefs_apple_watch_unlock_disable.yaml index d51fdee9..67a999cf 100644 --- a/rules/sysprefs/sysprefs_apple_watch_unlock_disable.yaml +++ b/rules/sysprefs/sysprefs_apple_watch_unlock_disable.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000028-GPOS-00009 + disa_stig: + - APPL-12-000001 800-171r2: - 3.1.10 macOS: @@ -34,6 +34,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_automatic_login_disable.yaml b/rules/sysprefs/sysprefs_automatic_login_disable.yaml index 85d475f4..c5b059aa 100644 --- a/rules/sysprefs/sysprefs_automatic_login_disable.yaml +++ b/rules/sysprefs/sysprefs_automatic_login_disable.yaml @@ -22,9 +22,9 @@ references: - IA-2 - IA-5(13) srg: - - N/A + - SRG-OS-000480-GPOS-00229 disa_stig: - - N/A + - APPL-12-002066 800-171r2: - 3.5.1 - 3.5.2 @@ -39,6 +39,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_bluetooth_disable.yaml b/rules/sysprefs/sysprefs_bluetooth_disable.yaml index b993f4f9..732a35ad 100644 --- a/rules/sysprefs/sysprefs_bluetooth_disable.yaml +++ b/rules/sysprefs/sysprefs_bluetooth_disable.yaml @@ -26,9 +26,10 @@ references: - AC-18(3) - SC-8 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000481-GPOS-000481 + - SRG-OS-000319-GPOS-00164 + disa_stig: + - APPL-12-002062 800-171r2: - 3.13.8 cisv8: @@ -46,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "low" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml b/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml index 96ed9951..f26d6a96 100644 --- a/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml +++ b/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml @@ -39,7 +39,7 @@ references: - CM-7(1) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.1 diff --git a/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml b/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml index b1c1f6f6..6393d359 100644 --- a/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml +++ b/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml @@ -19,7 +19,7 @@ references: - N/A srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - N/A diff --git a/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml b/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml index e90751a1..473d2b5c 100644 --- a/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml +++ b/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml @@ -23,9 +23,9 @@ references: - AC-20 - SI-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000096-GPOS-00050 + disa_stig: + - APPL-12-002021 800-171r2: - 3.1.20 cisv8: @@ -43,6 +43,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_filevault_enforce.yaml b/rules/sysprefs/sysprefs_filevault_enforce.yaml index 29bbddd7..be024f7d 100644 --- a/rules/sysprefs/sysprefs_filevault_enforce.yaml +++ b/rules/sysprefs/sysprefs_filevault_enforce.yaml @@ -24,9 +24,11 @@ references: - SC-28 - SC-28(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000185-GPOS-00079 + - SRG-OS-000404-GPOS-00183 + - SRG-OS-000405-GPOS-00184 + disa_stig: + - APPL-12-005020 800-171r2: - 3.13.16 cisv8: @@ -42,6 +44,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_find_my_disable.yaml b/rules/sysprefs/sysprefs_find_my_disable.yaml index 2d2d05c2..4539dc02 100644 --- a/rules/sysprefs/sysprefs_find_my_disable.yaml +++ b/rules/sysprefs/sysprefs_find_my_disable.yaml @@ -27,7 +27,7 @@ references: - AC-20 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.20 diff --git a/rules/sysprefs/sysprefs_firewall_enable.yaml b/rules/sysprefs/sysprefs_firewall_enable.yaml index 00c95fb6..f9235e28 100644 --- a/rules/sysprefs/sysprefs_firewall_enable.yaml +++ b/rules/sysprefs/sysprefs_firewall_enable.yaml @@ -30,9 +30,9 @@ references: - CM-7(1) - SC-7(12) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00232 + disa_stig: + - APPL-12-005050 800-171r2: - 3.1.3 - 3.1.5 @@ -57,6 +57,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml b/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml index a932e071..7024f67d 100644 --- a/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml +++ b/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml @@ -29,9 +29,9 @@ references: - CM-7(1) - SC-7(16) srg: - - N/A + - SRG-OS-000480-GPOS-00232 disa_stig: - - N/A + - APPL-12-005050 800-171r2: - 3.4.6 - 3.13.1 @@ -53,6 +53,8 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_gatekeeper_identified_developers_allowed.yaml b/rules/sysprefs/sysprefs_gatekeeper_identified_developers_allowed.yaml index 76fddbaa..1a82d75b 100644 --- a/rules/sysprefs/sysprefs_gatekeeper_identified_developers_allowed.yaml +++ b/rules/sysprefs/sysprefs_gatekeeper_identified_developers_allowed.yaml @@ -28,9 +28,9 @@ references: - CM-5 - SI-7(15) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-002060 800-171r2: - 3.4.5 macOS: @@ -43,6 +43,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_gatekeeper_override_disallow.yaml b/rules/sysprefs/sysprefs_gatekeeper_override_disallow.yaml index 837510f9..46f8bb27 100644 --- a/rules/sysprefs/sysprefs_gatekeeper_override_disallow.yaml +++ b/rules/sysprefs/sysprefs_gatekeeper_override_disallow.yaml @@ -29,7 +29,7 @@ references: - SI-7(15) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.4.5 diff --git a/rules/sysprefs/sysprefs_guest_account_disable.yaml b/rules/sysprefs/sysprefs_guest_account_disable.yaml index 4947d17a..dd9f1633 100644 --- a/rules/sysprefs/sysprefs_guest_account_disable.yaml +++ b/rules/sysprefs/sysprefs_guest_account_disable.yaml @@ -22,9 +22,9 @@ references: - AC-2 - AC-2(9) srg: - - N/A + - SRG-OS-000364-GPOS-00151 disa_stig: - - N/A + - APPL-12-002063 800-171r2: - 3.5.1 - 3.5.2 @@ -44,6 +44,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "high" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_hot_corners_disable.yaml b/rules/sysprefs/sysprefs_hot_corners_disable.yaml index 5f223926..7eb56e4d 100644 --- a/rules/sysprefs/sysprefs_hot_corners_disable.yaml +++ b/rules/sysprefs/sysprefs_hot_corners_disable.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-11(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000031-GPOS-00012 + disa_stig: + - APPL-12-000007 800-171r2: - 3.1.10 macOS: @@ -34,6 +34,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_internet_sharing_disable.yaml b/rules/sysprefs/sysprefs_internet_sharing_disable.yaml index 6626b3a6..66b21091 100644 --- a/rules/sysprefs/sysprefs_internet_sharing_disable.yaml +++ b/rules/sysprefs/sysprefs_internet_sharing_disable.yaml @@ -22,9 +22,9 @@ references: - AC-4 - AC-20 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002007 800-171r2: - 3.1.3 - 3.1.20 @@ -43,6 +43,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_location_services_disable.yaml b/rules/sysprefs/sysprefs_location_services_disable.yaml index d51307eb..f33d1585 100644 --- a/rules/sysprefs/sysprefs_location_services_disable.yaml +++ b/rules/sysprefs/sysprefs_location_services_disable.yaml @@ -26,9 +26,9 @@ references: - CM-7 - CM-7(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + disa_stig: + - APPL-12-002004 800-171r2: - 3.4.6 cisv8: @@ -46,6 +46,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_loginwindow_prompt_username_password_enforce.yaml b/rules/sysprefs/sysprefs_loginwindow_prompt_username_password_enforce.yaml index 73c27e8e..c4dbf8c3 100644 --- a/rules/sysprefs/sysprefs_loginwindow_prompt_username_password_enforce.yaml +++ b/rules/sysprefs/sysprefs_loginwindow_prompt_username_password_enforce.yaml @@ -21,7 +21,7 @@ references: - IA-2 srg: - SRG-OS-000480-GPOS-00229 - disa_stig: + disa_stig: - APPL-12-005052 800-171r2: - 3.5.1 diff --git a/rules/sysprefs/sysprefs_password_hints_disable.yaml b/rules/sysprefs/sysprefs_password_hints_disable.yaml index 14c43081..5d42b6cb 100644 --- a/rules/sysprefs/sysprefs_password_hints_disable.yaml +++ b/rules/sysprefs/sysprefs_password_hints_disable.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - IA-6 srg: - - N/A + - SRG-OS-000480-GPOS-00227 disa_stig: - - N/A + - APPL-12-003012 800-171r2: - 3.5.11 macOS: @@ -36,6 +36,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_personalized_advertising_disable.yaml b/rules/sysprefs/sysprefs_personalized_advertising_disable.yaml index 196c17af..abbb010a 100644 --- a/rules/sysprefs/sysprefs_personalized_advertising_disable.yaml +++ b/rules/sysprefs/sysprefs_personalized_advertising_disable.yaml @@ -26,7 +26,7 @@ references: - CM-7(1) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.20 diff --git a/rules/sysprefs/sysprefs_rae_disable.yaml b/rules/sysprefs/sysprefs_rae_disable.yaml index 29fa870f..6d23107e 100644 --- a/rules/sysprefs/sysprefs_rae_disable.yaml +++ b/rules/sysprefs/sysprefs_rae_disable.yaml @@ -26,9 +26,9 @@ references: 800-53r4: - AC-3 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000096-GPOS-00050 + disa_stig: + - APPL-12-002022 800-171r2: - 3.1.1 - 3.1.2 @@ -47,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_screen_sharing_disable.yaml b/rules/sysprefs/sysprefs_screen_sharing_disable.yaml index 6bf39667..a80e738a 100644 --- a/rules/sysprefs/sysprefs_screen_sharing_disable.yaml +++ b/rules/sysprefs/sysprefs_screen_sharing_disable.yaml @@ -26,9 +26,9 @@ references: - AC-3 - AC-17 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000480-GPOS-00227 + disa_stig: + - APPL-12-002050 800-171r2: - 3.1.1 - 3.1.2 @@ -47,6 +47,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_screensaver_ask_for_password_delay_enforce.yaml b/rules/sysprefs/sysprefs_screensaver_ask_for_password_delay_enforce.yaml index a5735af5..2cf850c7 100644 --- a/rules/sysprefs/sysprefs_screensaver_ask_for_password_delay_enforce.yaml +++ b/rules/sysprefs/sysprefs_screensaver_ask_for_password_delay_enforce.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000028-GPOS-00009 + disa_stig: + - APPL-12-000003 800-171r2: - 3.1.10 macOS: @@ -34,6 +34,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_screensaver_password_enforce.yaml b/rules/sysprefs/sysprefs_screensaver_password_enforce.yaml index 00d502f2..c2f11778 100644 --- a/rules/sysprefs/sysprefs_screensaver_password_enforce.yaml +++ b/rules/sysprefs/sysprefs_screensaver_password_enforce.yaml @@ -20,9 +20,9 @@ references: 800-53r4: - AC-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000028-GPOS-00009 + disa_stig: + - APPL-12-000002 800-171r2: - 3.1.10 macOS: @@ -34,6 +34,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_screensaver_timeout_enforce.yaml b/rules/sysprefs/sysprefs_screensaver_timeout_enforce.yaml index c655a07a..17a57f6f 100644 --- a/rules/sysprefs/sysprefs_screensaver_timeout_enforce.yaml +++ b/rules/sysprefs/sysprefs_screensaver_timeout_enforce.yaml @@ -21,9 +21,9 @@ references: 800-53r4: - AC-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000029-GPOS-00010 + disa_stig: + - APPL-12-000004 800-171r2: - 3.1.10 cisv8: @@ -39,6 +39,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_siri_disable.yaml b/rules/sysprefs/sysprefs_siri_disable.yaml index 444312ac..83a7585f 100644 --- a/rules/sysprefs/sysprefs_siri_disable.yaml +++ b/rules/sysprefs/sysprefs_siri_disable.yaml @@ -26,9 +26,10 @@ references: - CM-7(1) - AC-20 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000095-GPOS-00049 + - SRG-OS-000370-GPOS-00155 + disa_stig: + - APPL-12-002020 800-171r2: - 3.1.20 - 3.4.6 @@ -47,6 +48,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_smbd_disable.yaml b/rules/sysprefs/sysprefs_smbd_disable.yaml index 5608aef9..a9eefb53 100644 --- a/rules/sysprefs/sysprefs_smbd_disable.yaml +++ b/rules/sysprefs/sysprefs_smbd_disable.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AC-3 srg: - - N/A + - SRG-OS-000095-GPOS-00049 disa_stig: - - N/A + - APPL-12-002001 800-171r2: - 3.1.1 - 3.1.2 @@ -46,6 +46,7 @@ tags: - 800-171 - cnssi-1253 - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_ssh_disable.yaml b/rules/sysprefs/sysprefs_ssh_disable.yaml index 1cc04e9d..af737ac9 100644 --- a/rules/sysprefs/sysprefs_ssh_disable.yaml +++ b/rules/sysprefs/sysprefs_ssh_disable.yaml @@ -27,9 +27,19 @@ references: - CM-7 - CM-7(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000250-GPOS-00093 + - SRG-OS-000033-GPOS-00014 + - SRG-OS-000319-GPOS-00164 + - SRG-OS-000393-GPOS-00173 + - SRG-OS-000394-GPOS-00174 + - SRG-OS-000112-GPOS-00057 + - SRG-OS-000113-GPOS-00058 + - SRG-OS-000423-GPOS-00187 + - SRG-OS-000424-GPOS-00188 + - SRG-OS-000425-GPOS-00189 + - SRG-OS-000426-GPOS-00190 + disa_stig: + - APPL-12-000011 800-171r2: - 3.1.1 - 3.1.2 @@ -41,6 +51,7 @@ macOS: - "12.0" tags: - cisv8 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_ssh_enable.yaml b/rules/sysprefs/sysprefs_ssh_enable.yaml index 7db5212b..d3eeaf28 100644 --- a/rules/sysprefs/sysprefs_ssh_enable.yaml +++ b/rules/sysprefs/sysprefs_ssh_enable.yaml @@ -30,7 +30,7 @@ references: - IA-2(9) srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.1 diff --git a/rules/sysprefs/sysprefs_system_wide_preferences_configure.yaml b/rules/sysprefs/sysprefs_system_wide_preferences_configure.yaml index 52f64c2f..0f005574 100644 --- a/rules/sysprefs/sysprefs_system_wide_preferences_configure.yaml +++ b/rules/sysprefs/sysprefs_system_wide_preferences_configure.yaml @@ -27,9 +27,7 @@ references: - AC-6(1) - AC-6(2) disa_stig: - - N/A - srg: - - N/A + - APPL-12-002069 800-171r2: - 3.1.5 - 3.1.6 @@ -42,6 +40,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: false mobileconfig_info: \ No newline at end of file diff --git a/rules/sysprefs/sysprefs_time_server_configure.yaml b/rules/sysprefs/sysprefs_time_server_configure.yaml index 4a587580..e3217fdb 100644 --- a/rules/sysprefs/sysprefs_time_server_configure.yaml +++ b/rules/sysprefs/sysprefs_time_server_configure.yaml @@ -22,9 +22,10 @@ references: 800-53r4: - AU-8(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000355-GPOS-00143 + - SRG-OS-000356-GPOS-00144 + disa_stig: + - APPL-12-000014 800-171r2: - 3.3.7 cisv8: @@ -40,6 +41,7 @@ tags: - 800-53r4_moderate - 800-53r4_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_time_server_enforce.yaml b/rules/sysprefs/sysprefs_time_server_enforce.yaml index acd26419..1dfb3547 100644 --- a/rules/sysprefs/sysprefs_time_server_enforce.yaml +++ b/rules/sysprefs/sysprefs_time_server_enforce.yaml @@ -22,9 +22,10 @@ references: 800-53r4: - AU-8(1) srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000355-GPOS-00143 + - SRG-OS-000356-GPOS-00144 + disa_stig: + - APPL-12-000014 800-171r2: - 3.3.7 cisv8: @@ -40,6 +41,7 @@ tags: - 800-53r4_moderate - 800-53r4_high - cisv8 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_token_removal_enforce.yaml b/rules/sysprefs/sysprefs_token_removal_enforce.yaml index f78e670d..b747b353 100644 --- a/rules/sysprefs/sysprefs_token_removal_enforce.yaml +++ b/rules/sysprefs/sysprefs_token_removal_enforce.yaml @@ -25,9 +25,9 @@ references: 800-53r4: - AC-11 srg: - - N/A - disa_stig: - - N/A + - SRG-OS-000030-GPOS-00011 + disa_stig: + - APPL-12-000005 800-171r2: - 3.1.10 macOS: @@ -39,6 +39,7 @@ tags: - 800-53r4_high - 800-171 - cnssi-1253 + - stig severity: "medium" mobileconfig: true mobileconfig_info: diff --git a/rules/sysprefs/sysprefs_touchid_unlock_disable.yaml b/rules/sysprefs/sysprefs_touchid_unlock_disable.yaml index 92fe3858..ca31499c 100644 --- a/rules/sysprefs/sysprefs_touchid_unlock_disable.yaml +++ b/rules/sysprefs/sysprefs_touchid_unlock_disable.yaml @@ -23,7 +23,7 @@ references: - AC-11 srg: - N/A - disa_stig: + disa_stig: - N/A 800-171r2: - 3.1.10 diff --git a/rules/sysprefs/sysprefs_wifi_disable.yaml b/rules/sysprefs/sysprefs_wifi_disable.yaml index d15d31ec..3c5ea7b0 100644 --- a/rules/sysprefs/sysprefs_wifi_disable.yaml +++ b/rules/sysprefs/sysprefs_wifi_disable.yaml @@ -30,7 +30,7 @@ references: - AC-4 - AC-18(1) - AC-18(3) - disa_stig: + disa_stig: - N/A srg: - N/A diff --git a/rules/sysprefs/sysprefs_wifi_disable_when_connected_to_ethernet.yaml b/rules/sysprefs/sysprefs_wifi_disable_when_connected_to_ethernet.yaml index 6c257edc..fb834a1c 100644 --- a/rules/sysprefs/sysprefs_wifi_disable_when_connected_to_ethernet.yaml +++ b/rules/sysprefs/sysprefs_wifi_disable_when_connected_to_ethernet.yaml @@ -23,7 +23,7 @@ references: - AC-4 - AC-18(1) - AC-18(3) - disa_stig: + disa_stig: - N/A srg: - N/A