diff --git a/rules/os/os_external_storage_access_defined.yaml b/rules/os/os_external_storage_access_defined.yaml index 975b34bc..e7831c46 100644 --- a/rules/os/os_external_storage_access_defined.yaml +++ b/rules/os/os_external_storage_access_defined.yaml @@ -3,7 +3,7 @@ title: Access to External Storage Must Be Defined discussion: |- Access to external storage _MUST_ be managed. - NOTE: Apple's built in method using declative device management method only allows you to set external storage manament to Allowed, ReadOnly, and Disallowed. + NOTE: Apple's built in method using declarative device management method only allows you to set external storage management to Allowed, ReadOnly, and Disallowed. check: | /usr/bin/plutil -convert json /var/db/ManagedConfigurationFiles/DiskManagement/DiskManagement_Settings.plist -o - | /usr/bin/jq --raw-output '.Restrictions.ExternalStorage' result: diff --git a/rules/os/os_network_storage_restriction.yaml b/rules/os/os_network_storage_restriction.yaml index ec8d3103..224b6fc2 100644 --- a/rules/os/os_network_storage_restriction.yaml +++ b/rules/os/os_network_storage_restriction.yaml @@ -3,7 +3,7 @@ title: Network Storage Must Be Restricted discussion: |- Network Storage _MUST_ be restricted. - NOTE: Apple's built in method using declative device management method only allows you to set network storage manament to Allowed, ReadOnly, and Disallowed. + NOTE: Apple's built in method using declarative device management method only allows you to set network storage management to Allowed, ReadOnly, and Disallowed. check: | /usr/bin/plutil -convert json /var/db/ManagedConfigurationFiles/DiskManagement/DiskManagement_Settings.plist -o - | /usr/bin/jq --raw-output '.Restrictions.NetworkStorage' result: diff --git a/rules/os/os_photos_enhanced_search_disable.yaml b/rules/os/os_photos_enhanced_search_disable.yaml index cf92f80f..979b2686 100644 --- a/rules/os/os_photos_enhanced_search_disable.yaml 
+++ b/rules/os/os_photos_enhanced_search_disable.yaml @@ -1,7 +1,7 @@ id: os_photos_enhanced_search_disable title: Disable Photos Enhanced Visual Search discussion: |- - Enhanced Visualed Search _MUST_ be disabled in the Photos app. + Enhanced Visual Search _MUST_ be disabled in the Photos app. The information system _MUST_ be configured to provide only essential capabilities. Disabling Enhanced Visual Search will mitigate the risk of unwanted data being sent to Apple. check: | diff --git a/rules/os/os_safari_clear_history_disable.yaml b/rules/os/os_safari_clear_history_disable.yaml index 67becbb0..35feb516 100644 --- a/rules/os/os_safari_clear_history_disable.yaml +++ b/rules/os/os_safari_clear_history_disable.yaml @@ -1,7 +1,7 @@ id: os_safari_clear_history_disable title: Ensure Clearing of Browsing History in Safari Is Disabled discussion: | - Clearning of browser history _MUST_ be disabled in Safari. + Clearing of browser history _MUST_ be disabled in Safari. check: | /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\ diff --git a/rules/supplemental/supplemental_firewall_pf.yaml b/rules/supplemental/supplemental_firewall_pf.yaml index 8dbbae91..3f5086b9 100644 --- a/rules/supplemental/supplemental_firewall_pf.yaml +++ b/rules/supplemental/supplemental_firewall_pf.yaml 
@@ -13,7 +13,7 @@ discussion: | * The PF firewall can manipulate virtually any packet data and is highly configurable. ** More information on the BF firewall can be found here: https://www.openbsd.org/faq/pf/index.html - Below is a script that configures ALF and the PF firewall to meet the requirements defined in NIST SP 800-53 (Rev. 5). The script will make sure the application layer firewall is enabled, set logging to "detailed", set built-in signed applications to automatically receive incoming connections, and set downloaded signed applications to automatically receive incoming connections. It will then create a custom rule set and copy `com.apple.pfctl.plis` from `/System/Library/LaunchDaemons/` into the `/Library/LaunchDaemons` folder and name it `800-53.pfctl.plist`. This is done to not conflict with the system's pf ruleset. + Below is a script that configures ALF and the PF firewall to meet the requirements defined in NIST SP 800-53 (Rev. 5). The script will make sure the application layer firewall is enabled, set logging to "detailed", set built-in signed applications to automatically receive incoming connections, and set downloaded signed applications to automatically receive incoming connections. It will then create a custom rule set and copy `com.apple.pfctl.plist` from `/System/Library/LaunchDaemons/` into the `/Library/LaunchDaemons` folder and name it `800-53.pfctl.plist`. This is done to not conflict with the system's pf ruleset. The custom pf rules are created at `/etc/pf.anchors/800_53_pf_anchors`.
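Review bot: In rules/os/os_external_storage_access_defined.yaml, the corrected NOTE line still reads "Apple's built in method using declarative device management method", which repeats "method" and leaves "built in" unhyphenated. Since the commit already touches this sentence, consider "Apple's built-in declarative device management method only allows you to set external storage management to Allowed, ReadOnly, and Disallowed." The identical sentence in rules/os/os_network_storage_restriction.yaml would take the same rewording.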
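Review bot: In rules/supplemental/supplemental_firewall_pf.yaml, the unchanged context line above the edited paragraph still says "More information on the BF firewall can be found here", while the rest of the discussion refers to the PF firewall. This looks like a typo of the same kind the commit fixes with `com.apple.pfctl.plis`, so change "BF" to "PF" in the same hunk.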