new 13.0 settings added

rules/os/os_config_profile_ui_install_disable.yaml

@@ -0,0 +1,33 @@
+id: os_config_profile_ui_install_disable
+title: "Disable Installation of Configuration Profiles through the User Interface"
+discussion: |
+  Installation of configuration profiles through the user interface _MUST_ be disabled and only be permitted through an authorized MDM server.
+check: |
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
+  .objectForKey('allowUIConfigurationProfileInstallation').js
+  EOS
+result:
+  string: "false"
+fix: |
+  This is implemented by a Configuration Profile.
+references:
+  cce:
+    - N/A
+  cci:
+    - N/A    
+  800-171r2:
+    - N/A
+  cis:
+    benchmark:
+      - N/A
+    controls v8:
+      - N/A
+macOS:
+  - "13.0"
+tags:
+  - none
+mobileconfig: true
+mobileconfig_info:
+  com.apple.applicationaccess:
+    allowUIConfigurationProfileInstallation: false

rules/sysprefs/sysprefs_USB_restricted_mode.yaml

@@ -0,0 +1,33 @@
+id: sysprefs_USB_restricted_mode
+title: "USB Devices Must be Authorized Before Allowing"
+discussion: |
+  USB devices connected to a Mac _MUST_ be authorized.
+check: |
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
+  .objectForKey('allowUSBRestrictedMode').js
+  EOS
+result:
+  string: "true"
+fix: |
+  This is implemented by a Configuration Profile.
+references:
+  cce:
+    - N/A
+  cci:
+    - N/A    
+  800-171r2:
+    - N/A
+  cis:
+    benchmark:
+      - N/A
+    controls v8:
+      - N/A
+macOS:
+  - "13.0"
+tags:
+  - none
+mobileconfig: true
+mobileconfig_info:
+  com.apple.applicationaccess:
+    allowUSBRestrictedMode: true