usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

refactor - Public Beta build macOS 26.0 Tahoe

Browse Source 
Updated rule files
Updated baseline files
Updated mscp-data file
Updated VERSION
This commit is contained in:
Bob Gendler
2025-07-24 16:00:00 -04:00
parent 121dc6e44f
commit 5d21314e8b
344 changed files with 834 additions and 834 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -1,7 +1,7 @@
![Alt text](templates/images/mscp_banner_outline.png)
![Alt text](https://badgen.net/badge/icon/apple?icon=apple&label)
![Alt text](https://badgen.net/badge/icon/15.0?icon=apple&label)
![Alt text](https://badgen.net/badge/icon/26.0?icon=apple&label)
> [!IMPORTANT]
> We recommend working off of one of the OS branches, rather than the `main` branch.

4
VERSION.yaml
View File

@@ -1,5 +1,5 @@
os: "15.0"
os: "26.0"
platform: macOS
version: "Sequoia Guidance, Revision 2.0"
cpe: o:apple:macos:15.0
cpe: o:apple:macos:26.0
date: "2025-07-01"

4
baselines/800-171.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - NIST 800-171 Rev 3"
title: "macOS 26.0: Security Configuration - NIST 800-171 Rev 3"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the NIST 800-171 Rev 3 security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the NIST 800-171 Rev 3 security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/800-53r5_high.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - NIST SP 800-53 Rev 5 High Impact"
title: "macOS 26.0: Security Configuration - NIST SP 800-53 Rev 5 High Impact"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the NIST SP 800-53 Rev 5 High Impact security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the NIST SP 800-53 Rev 5 High Impact security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/800-53r5_low.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - NIST SP 800-53 Rev 5 Low Impact"
title: "macOS 26.0: Security Configuration - NIST SP 800-53 Rev 5 Low Impact"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the NIST SP 800-53 Rev 5 Low Impact security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the NIST SP 800-53 Rev 5 Low Impact security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/800-53r5_moderate.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - NIST SP 800-53 Rev 5 Moderate Impact"
title: "macOS 26.0: Security Configuration - NIST SP 800-53 Rev 5 Moderate Impact"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the NIST SP 800-53 Rev 5 Moderate Impact security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the NIST SP 800-53 Rev 5 Moderate Impact security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/DISA-STIG.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - Apple macOS 15 (Sequoia) STIG - Ver 1, Rel 3"
title: "macOS 26.0: Security Configuration - Apple macOS 15 (Sequoia) STIG - Ver 1, Rel 3"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the Apple macOS 15 (Sequoia) STIG - Ver 1, Rel 3 security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the Apple macOS 15 (Sequoia) STIG - Ver 1, Rel 3 security baseline.
authors: |
*macOS Security Compliance Project*

4
baselines/all_rules.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - All Rules"
title: "macOS 26.0: Security Configuration - All Rules"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the All Rules security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the All Rules security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cis_lvl1.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1)"
title: "macOS 26.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1)"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1) security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 1) security baseline.
authors: |
*macOS Security Compliance Project*

4
baselines/cis_lvl2.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2)"
title: "macOS 26.0: Security Configuration - CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2)"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2) security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 15.0 Sequoia v1.1.0 Benchmark (Level 2) security baseline.
authors: |
*macOS Security Compliance Project*

4
baselines/cisv8.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - CIS Controls Version 8"
title: "macOS 26.0: Security Configuration - CIS Controls Version 8"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the CIS Controls Version 8 security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Controls Version 8 security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cmmc_lvl1.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - US CMMC 2.0 Level 1"
title: "macOS 26.0: Security Configuration - US CMMC 2.0 Level 1"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the US CMMC 2.0 Level 1 security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the US CMMC 2.0 Level 1 security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cmmc_lvl2.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - US CMMC 2.0 Level 2"
title: "macOS 26.0: Security Configuration - US CMMC 2.0 Level 2"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the US CMMC 2.0 Level 2 security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the US CMMC 2.0 Level 2 security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cnssi-1253_high.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (High)"
title: "macOS 26.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (High)"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the Committee on National Security Systems Instruction No. 1253 (High) security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the Committee on National Security Systems Instruction No. 1253 (High) security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cnssi-1253_low.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (Low)"
title: "macOS 26.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (Low)"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the Committee on National Security Systems Instruction No. 1253 (Low) security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the Committee on National Security Systems Instruction No. 1253 (Low) security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

4
baselines/cnssi-1253_moderate.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 15.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (Moderate)"
title: "macOS 26.0: Security Configuration - Committee on National Security Systems Instruction No. 1253 (Moderate)"
description: |
This guide describes the actions to take when securing a macOS 15.0 system against the Committee on National Security Systems Instruction No. 1253 (Moderate) security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the Committee on National Security Systems Instruction No. 1253 (Moderate) security baseline.
Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |

6
rules/audit/audit_acls_files_configure.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94101-3
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -36,7 +36,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-000030
- N/A
800-171r3:
- 03.03.08
cis:
@@ -47,7 +47,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r4_low

6
rules/audit/audit_acls_folders_configure.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94102-1
- N/A
cci:
- CCI-000162
- CCI-000162
@@ -36,7 +36,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-000031
- N/A
800-171r3:
- 03.03.08
cis:
@@ -47,7 +47,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/audit/audit_alert_processing_fail.yaml
View File

@@ -8,7 +8,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94103-9
- N/A
cci:
- N/A
800-53r5:
@@ -20,7 +20,7 @@ references:
srg:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- permanent
mobileconfig: false

6
rules/audit/audit_auditd_enabled.yaml
View File

@@ -33,7 +33,7 @@ fix: |
----
references:
cce:
- CCE-94104-7
- N/A
cci:
- CCI-000130
- CCI-000131
@@ -104,7 +104,7 @@ references:
- SRG-OS-000055-GPOS-00026
- SRG-OS-000755-GPOS-00220
disa_stig:
- APPL-15-001003
- N/A
800-171r3:
- 03.03.02
- 03.03.03
@@ -119,7 +119,7 @@ references:
- AU.L2-3.3.2
- AU.L2-3.3.6
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_configure_capacity_notify.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94105-4
- N/A
cci:
- CCI-000139
- CCI-001855
@@ -27,9 +27,9 @@ references:
- SRG-OS-000046-GPOS-00022
- SRG-OS-000343-GPOS-00134
disa_stig:
- APPL-15-001030
- N/A
macOS:
- '15.0'
- '26.0'
odv:
hint: Percentage of free space.
recommended: 25

6
rules/audit/audit_control_acls_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94106-2
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -35,7 +35,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001140
- N/A
800-171r3:
- 03.03.08
cis:
@@ -46,7 +46,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- cis_lvl1
- cis_lvl2

6
rules/audit/audit_control_group_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94107-0
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -35,7 +35,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001110
- N/A
800-171r3:
- 03.03.08
cis:
@@ -46,7 +46,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- cis_lvl1
- cis_lvl2

6
rules/audit/audit_control_mode_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94108-8
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -35,7 +35,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001130
- N/A
800-171r3:
- 03.03.08
cis:
@@ -46,7 +46,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- cis_lvl1
- cis_lvl2

6
rules/audit/audit_control_owner_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94109-6
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -35,7 +35,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001120
- N/A
800-171r3:
- 03.03.08
cis:
@@ -46,7 +46,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- cis_lvl1
- cis_lvl2

4
rules/audit/audit_enforce_dual_auth.yaml
View File

@@ -12,7 +12,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94110-4
- N/A
cci:
- N/A
800-53r5:
@@ -24,7 +24,7 @@ references:
srg:
- SRG-OS-000360-GPOS-00147
macOS:
- '15.0'
- '26.0'
tags:
- permanent
- cnssi-1253_high

6
rules/audit/audit_failure_halt.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94111-2
- N/A
cci:
- CCI-000140
800-53r5:
@@ -25,13 +25,13 @@ references:
srg:
- SRG-OS-000047-GPOS-00023
disa_stig:
- APPL-15-001010
- N/A
800-171r3:
- 03.03.04
cmmc:
- AU.L2-3.3.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_files_group_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94112-0
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -37,7 +37,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001014
- N/A
800-171r3:
- 03.03.08
cis:
@@ -48,7 +48,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_files_mode_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94113-8
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -33,7 +33,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001016
- N/A
800-171r3:
- 03.03.08
cis:
@@ -44,7 +44,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_files_owner_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94114-6
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -37,7 +37,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001012
- N/A
800-171r3:
- 03.03.08
cis:
@@ -48,7 +48,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_flags_aa_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94115-3
- N/A
cci:
- CCI-000172
- CCI-001814
@@ -47,7 +47,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000468-GPOS-00212
disa_stig:
- APPL-15-001044
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -63,7 +63,7 @@ references:
- AU.L2-3.3.6
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_flags_ad_configure.yaml
View File

@@ -21,7 +21,7 @@ fix: |
----
references:
cce:
- CCE-94116-1
- N/A
cci:
- CCI-000018
- CCI-000172
@@ -66,7 +66,7 @@ references:
- SRG-OS-000303-GPOS-00120
- SRG-OS-000755-GPOS-00220
disa_stig:
- APPL-15-001001
- N/A
800-171r3:
- 03.01.07
- 03.03.01
@@ -83,7 +83,7 @@ references:
- AU.L2-3.3.6
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_flags_ex_configure.yaml
View File

@@ -18,7 +18,7 @@ fix: |
----
references:
cce:
- CCE-94117-9
- N/A
cci:
- CCI-000172
- CCI-001814
@@ -38,7 +38,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000463-GPOS-00207
disa_stig:
- APPL-15-001024
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -54,7 +54,7 @@ references:
- AU.L2-3.3.6
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_flags_fd_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
----
references:
cce:
- CCE-94118-7
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -61,7 +61,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001020
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -72,7 +72,7 @@ references:
- AU.L2-3.3.8
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r5_low

6
rules/audit/audit_flags_fm_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
----
references:
cce:
- CCE-94119-5
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -62,7 +62,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001021
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -73,7 +73,7 @@ references:
- AU.L2-3.3.8
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/audit/audit_flags_fm_failed_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
----
references:
cce:
- CCE-94120-3
- N/A
cci:
- N/A
800-53r5:
@@ -56,7 +56,7 @@ references:
- AU.L2-3.3.8
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r5_low

6
rules/audit/audit_flags_fr_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
----
references:
cce:
- CCE-94121-1
- N/A
cci:
- CCI-000172
- CCI-001814
@@ -53,7 +53,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001022
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -71,7 +71,7 @@ references:
- AU.L2-3.3.8
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_flags_fw_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
----
references:
cce:
- CCE-94122-9
- N/A
cci:
- CCI-000172
- CCI-001814
@@ -54,7 +54,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001023
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -72,7 +72,7 @@ references:
- AU.L2-3.3.8
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_flags_lo_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94123-7
- N/A
cci:
- CCI-000067
- CCI-000172
@@ -45,7 +45,7 @@ references:
- SRG-OS-000458-GPOS-00203
- SRG-OS-000755-GPOS-00220
disa_stig:
- APPL-15-001002
- N/A
800-171r3:
- 03.03.01
- 03.03.03
@@ -62,7 +62,7 @@ references:
- AU.L2-3.3.6
- SI.L2-3.14.3
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_privacy
- 800-53r4_low

6
rules/audit/audit_folder_group_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94124-5
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -37,7 +37,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001015
- N/A
800-171r3:
- 03.03.08
cis:
@@ -48,7 +48,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_folder_owner_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
----
references:
cce:
- CCE-94125-2
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -37,7 +37,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001013
- N/A
800-171r3:
- 03.03.08
cis:
@@ -48,7 +48,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/audit/audit_folders_mode_configure.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94126-0
- N/A
cci:
- CCI-000162
- CCI-000163
@@ -35,7 +35,7 @@ references:
- SRG-OS-000258-GPOS-00099
- SRG-OS-000058-GPOS-00028
disa_stig:
- APPL-15-001017
- N/A
800-171r3:
- 03.03.08
cis:
@@ -46,7 +46,7 @@ references:
cmmc:
- AU.L2-3.3.8
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/audit/audit_off_load_records.yaml
View File

@@ -12,7 +12,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94127-8
- N/A
cci:
- N/A
800-53r5:
@@ -30,7 +30,7 @@ references:
controls v8:
- 8.9
macOS:
- '15.0'
- '26.0'
tags:
- permanent
- cisv8

4
rules/audit/audit_record_reduction_report_generation.yaml
View File

@@ -12,7 +12,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94128-6
- N/A
cci:
- N/A
800-53r5:
@@ -34,7 +34,7 @@ references:
cmmc:
- AU.L2-3.3.6
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_high
- 800-53r4_high

4
rules/audit/audit_records_processing.yaml
View File

@@ -10,7 +10,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94129-4
- N/A
cci:
- N/A
800-53r5:
@@ -27,7 +27,7 @@ references:
cmmc:
- AU.L2-3.3.6
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_high
- 800-53r4_high

6
rules/audit/audit_retention_configure.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94130-2
- N/A
cci:
- CCI-001849
800-53r5:
@@ -27,7 +27,7 @@ references:
srg:
- SRG-OS-000341-GPOS-00132
disa_stig:
- APPL-15-001029
- N/A
cis:
benchmark:
- 3.4 (level 1)
@@ -39,7 +39,7 @@ references:
800-171r3:
- 03.03.03
macOS:
- '15.0'
- '26.0'
odv:
hint: See man audit_control for possible values.
recommended: 7d

6
rules/audit/audit_settings_failure_notify.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94131-0
- N/A
cci:
- CCI-000140
- CCI-001858
@@ -29,13 +29,13 @@ references:
- SRG-OS-000047-GPOS-00023
- SRG-OS-000344-GPOS-00135
disa_stig:
- APPL-15-001031
- N/A
800-171r3:
- 03.03.04
cmmc:
- AU.L2-3.3.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/auth/auth_pam_login_smartcard_enforce.yaml
View File

@@ -37,7 +37,7 @@ fix: |
----
references:
cce:
- CCE-94132-8
- N/A
cci:
- CCI-000765
- CCI-000766
@@ -61,7 +61,7 @@ references:
- SRG-OS-000105-GPOS-00052
- SRG-OS-000705-GPOS-00150
disa_stig:
- APPL-15-003050
- N/A
800-171r3:
- 03.05.03
- 03.05.04
@@ -76,7 +76,7 @@ references:
- IA.L2-3.5.3
- IA.L2-3.5.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/auth/auth_pam_su_smartcard_enforce.yaml
View File

@@ -32,7 +32,7 @@ fix: |
----
references:
cce:
- CCE-94133-6
- N/A
cci:
- CCI-000765
- CCI-000766
@@ -56,7 +56,7 @@ references:
- SRG-OS-000105-GPOS-00052
- SRG-OS-000705-GPOS-00150
disa_stig:
- APPL-15-003051
- N/A
800-171r3:
- 03.05.03
- 03.05.04
@@ -71,7 +71,7 @@ references:
- IA.L2-3.5.3
- IA.L2-3.5.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/auth/auth_pam_sudo_smartcard_enforce.yaml
View File

@@ -31,7 +31,7 @@ fix: |
----
references:
cce:
- CCE-94134-4
- N/A
cci:
- CCI-000765
- CCI-000766
@@ -55,7 +55,7 @@ references:
- SRG-OS-000105-GPOS-00052
- SRG-OS-000705-GPOS-00150
disa_stig:
- APPL-15-003052
- N/A
800-171r3:
- 03.05.03
- 03.05.04
@@ -70,7 +70,7 @@ references:
- IA.L2-3.5.3
- IA.L2-3.5.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/auth/auth_smartcard_allow.yaml
View File

@@ -17,7 +17,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94135-1
- N/A
cci:
- CCI-000187
- CCI-000765
@@ -42,7 +42,7 @@ references:
- SRG-OS-000105-GPOS-00052
- SRG-OS-000068-GPOS-00036
disa_stig:
- APPL-15-003030
- N/A
cis:
benchmark:
- N/A
@@ -57,7 +57,7 @@ references:
800-171r3:
- 03.05.03
macOS:
- '15.0'
- '26.0'
tags:
- 800-171
- 800-53r5_low

4
rules/auth/auth_smartcard_certificate_trust_enforce_high.yaml
View File

@@ -19,7 +19,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94136-9
- N/A
cci:
- N/A
800-53r5:
@@ -35,7 +35,7 @@ references:
cmmc:
- SC.L2-3.13.10
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r4_high
- 800-53r5_high

6
rules/auth/auth_smartcard_certificate_trust_enforce_moderate.yaml
View File

@@ -19,7 +19,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94137-7
- N/A
cci:
- CCI-000186
- CCI-001953
@@ -39,11 +39,11 @@ references:
- SRG-OS-000377-GPOS-00162
- SRG-OS-000066-GPOS-00034
disa_stig:
- APPL-15-001060
- N/A
cmmc:
- SC.L2-3.13.10
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r4_moderate
- 800-53r5_moderate

6
rules/auth/auth_smartcard_enforce.yaml
View File

@@ -21,7 +21,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94138-5
- N/A
cci:
- CCI-000186
- CCI-000765
@@ -61,7 +61,7 @@ references:
- SRG-OS-000105-GPOS-00052
- SRG-OS-000705-GPOS-00150
disa_stig:
- APPL-15-003020
- N/A
800-171r3:
- 03.05.01
- 03.05.03
@@ -79,7 +79,7 @@ references:
- IA.L2-3.5.3
- IA.L2-3.5.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/auth/auth_ssh_password_authentication_disable.yaml
View File

@@ -32,7 +32,7 @@ fix: |
----
references:
cce:
- CCE-94139-3
- N/A
cci:
- CCI-000186
- CCI-000765
@@ -72,7 +72,7 @@ references:
- SRG-OS-000375-GPOS-00160
- SRG-OS-000105-GPOS-00052
disa_stig:
- APPL-15-001150
- N/A
800-171r3:
- 03.05.01
- 03.05.03
@@ -92,7 +92,7 @@ references:
- IA.L2-3.5.4
- MA.L2-3.7.5
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_addressbook_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94140-1
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002014
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/icloud/icloud_appleid_system_settings_disable.yaml
View File

@@ -12,7 +12,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94141-9
- N/A
cci:
- N/A
800-53r5:
@@ -43,7 +43,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_bookmarks_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94142-7
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002042
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_calendar_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94143-5
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002012
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_drive_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94144-3
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002041
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_freeform_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94145-0
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002270
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_game_center_disable.yaml
View File

@@ -14,7 +14,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94146-8
- N/A
cci:
- CCI-000381
800-53r5:
@@ -31,7 +31,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002160
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -47,7 +47,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_keychain_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94147-6
- N/A
cci:
- CCI-001774
- CCI-000381
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002040
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_mail_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94148-4
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002015
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_notes_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94149-2
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002016
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_photos_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94150-0
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002043
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_private_relay_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94151-8
- N/A
cci:
- CCI-000381
800-53r5:
@@ -32,7 +32,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002170
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -48,7 +48,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_reminders_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94152-6
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -33,7 +33,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002013
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -49,7 +49,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/icloud/icloud_sync_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94153-4
- N/A
cci:
- CCI-000381
800-53r5:
@@ -32,7 +32,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002150
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -48,7 +48,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_access_control_mobile_devices.yaml
View File

@@ -12,7 +12,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94154-2
- N/A
cci:
- N/A
800-53r5:
@@ -33,7 +33,7 @@ references:
800-171r3:
- 03.01.18
macOS:
- '15.0'
- '26.0'
tags:
- 800-171
- 800-53r5_low

6
rules/os/os_account_modification_disable.yaml
View File

@@ -22,7 +22,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94155-9
- N/A
cci:
- CCI-000381
800-53r5:
@@ -39,7 +39,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002120
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -54,7 +54,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

6
rules/os/os_airdrop_disable.yaml
View File

@@ -14,7 +14,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94156-7
- N/A
cci:
- CCI-000213
- CCI-000381
@@ -34,7 +34,7 @@ references:
- SRG-OS-000080-GPOS-00048
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002009
- N/A
800-171r3:
- 03.01.02
- 03.01.20
@@ -52,7 +52,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_allow_info_passed.yaml
View File

@@ -12,7 +12,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94157-5
- N/A
cci:
- N/A
800-53r5:
@@ -24,7 +24,7 @@ references:
srg:
- SRG-OS-000312-GPOS-00122
macOS:
- '15.0'
- '26.0'
tags:
- inherent
- cnssi-1253_low

4
rules/os/os_anti_virus_installed.yaml
View File

@@ -18,7 +18,7 @@ fix: |
NOTE: These services cannot be unloaded or loaded while System Integrity Protection (SIP) is enabled.
references:
cce:
- CCE-94158-3
- N/A
cci:
- CCI-000366
800-53r5:
@@ -37,7 +37,7 @@ references:
- 10.1
- 10.2
macOS:
- '15.0'
- '26.0'
tags:
- cis_lvl1
- cis_lvl2

6
rules/os/os_appleid_prompt_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94159-1
- N/A
cci:
- CCI-000381
800-53r5:
@@ -25,7 +25,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002035
- N/A
800-171r3:
- 03.01.20
cis:
@@ -37,7 +37,7 @@ references:
cmmc:
- AC.L1-3.1.20
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_application_sandboxing.yaml
View File

@@ -12,7 +12,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94160-9
- N/A
800-53r5:
- SC-39
800-53r4:
@@ -24,7 +24,7 @@ references:
cci:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- inherent
- 800-53r5_low

6
rules/os/os_asl_log_files_owner_group_configure.yaml
View File

@@ -15,7 +15,7 @@ fix: |
----
references:
cce:
- CCE-94161-7
- N/A
cci:
- CCI-001312
- CCI-001314
@@ -27,11 +27,11 @@ references:
- SRG-OS-000206-GPOS-00084
- SRG-OS-000205-GPOS-00083
disa_stig:
- APPL-15-004001
- N/A
800-171r3:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_moderate
- 800-53r5_high

6
rules/os/os_asl_log_files_permissions_configure.yaml
View File

@@ -13,7 +13,7 @@ fix: |
----
references:
cce:
- CCE-94162-5
- N/A
cci:
- CCI-001312
- CCI-001314
@@ -25,11 +25,11 @@ references:
- SRG-OS-000206-GPOS-00084
- SRG-OS-000205-GPOS-00083
disa_stig:
- APPL-15-004002
- N/A
800-171r3:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_moderate
- 800-53r5_high

4
rules/os/os_auth_peripherals.yaml
View File

@@ -8,7 +8,7 @@ fix: |
This requirement is a permanent finding and can be fixed by implementing a third party solution.
references:
cce:
- CCE-94163-3
- N/A
cci:
- N/A
800-53r5:
@@ -30,7 +30,7 @@ references:
cmmc:
- IA.L1-3.5.2
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_moderate
- 800-53r5_high

6
rules/os/os_authenticated_root_enable.yaml
View File

@@ -20,7 +20,7 @@ fix: |
NOTE: To re-enable "Authenticated Root", boot the affected system into "Recovery" mode, launch "Terminal" from the "Utilities" menu, and run the command.
references:
cce:
- CCE-94164-1
- N/A
cci:
- CCI-000213
800-53r5:
@@ -39,7 +39,7 @@ references:
srg:
- SRG-OS-000080-GPOS-00048
disa_stig:
- APPL-15-005070
- N/A
800-171r3:
- 03.01.02
- 03.04.05
@@ -54,7 +54,7 @@ references:
- CM.L2-3.4.5
- SC.L2-3.13.11
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_blank_bluray_disable.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94165-8
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/os/os_blank_cd_disable.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94166-6
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/os/os_blank_dvd_disable.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94167-4
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/os/os_bluray_read_only_enforce.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94168-2
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

6
rules/os/os_bonjour_disable.yaml
View File

@@ -13,7 +13,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94169-0
- N/A
cci:
- CCI-000381
800-53r5:
@@ -25,7 +25,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002005
- N/A
800-171r3:
- 03.04.06
cis:
@@ -38,7 +38,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_burn_support_disable.yaml
View File

@@ -15,7 +15,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94170-8
- N/A
cci:
- N/A
800-53r5:
@@ -32,7 +32,7 @@ references:
800-171r3:
- 03.08.07
macOS:
- '15.0'
- '26.0'
tags:
- 800-171
- cnssi-1253_low

4
rules/os/os_calendar_app_disable.yaml
View File

@@ -33,7 +33,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94171-6
- N/A
cci:
- N/A
800-53r5:
@@ -62,7 +62,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

6
rules/os/os_camera_disable.yaml
View File

@@ -25,7 +25,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94172-4
- N/A
cci:
- CCI-000381
- CCI-001774
@@ -36,9 +36,9 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002017
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- stig
severity: medium

4
rules/os/os_cd_read_only_enforce.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94173-2
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

6
rules/os/os_certificate_authority_trust.yaml
View File

@@ -10,7 +10,7 @@ fix: |
Obtain the approved certificates from the appropriate authority and install them to the System Keychain.
references:
cce:
- CCE-94174-0
- N/A
cci:
- CCI-002470
- CCI-000185
@@ -24,11 +24,11 @@ references:
- SRG-OS-000403-GPOS-00182
- SRG-OS-000775-GPOS-00230
disa_stig:
- APPL-15-003001
- N/A
cmmc:
- SC.L2-3.13.10
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_moderate
- 800-53r5_high

4
rules/os/os_change_security_attributes.yaml
View File

@@ -12,7 +12,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94175-7
- N/A
cci:
- N/A
800-53r5:
@@ -24,7 +24,7 @@ references:
srg:
- SRG-OS-000312-GPOS-00123
macOS:
- '15.0'
- '26.0'
tags:
- inherent
- cnssi-1253_low

6
rules/os/os_config_data_install_enforce.yaml
View File

@@ -19,7 +19,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94176-5
- N/A
cci:
- CCI-000366
800-53r5:
@@ -30,7 +30,7 @@ references:
srg:
- SRG-OS-000480-GPOS-00227
disa_stig:
- APPL-15-005130
- N/A
800-171r3:
- 03.14.02
cis:
@@ -45,7 +45,7 @@ references:
- SI.L1-3.14.2
- SI.L1-3.14.4
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_config_profile_ui_install_disable.yaml
View File

@@ -13,7 +13,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94177-3
- N/A
cci:
- N/A
800-53r5:
@@ -32,7 +32,7 @@ references:
disa_stig:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_low
- 800-53r5_moderate

4
rules/os/os_continuous_monitoring.yaml
View File

@@ -8,7 +8,7 @@ fix: |
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.
references:
cce:
- CCE-94178-1
- N/A
cci:
- N/A
800-53r5:
@@ -20,7 +20,7 @@ references:
disa_stig:
- N/A
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_moderate
- 800-53r5_high

4
rules/os/os_crypto_audit.yaml
View File

@@ -14,7 +14,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94179-9
- N/A
cci:
- N/A
800-53r5:
@@ -26,7 +26,7 @@ references:
srg:
- SRG-OS-000278-GPOS-00108
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_high
- 800-53r4_high

6
rules/os/os_dictation_disable.yaml
View File

@@ -13,7 +13,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94180-7
- N/A
cci:
- CCI-000381
800-53r5:
@@ -28,7 +28,7 @@ references:
srg:
- SRG-OS-000095-GPOS-00049
disa_stig:
- APPL-15-002230
- N/A
800-171r3:
- 03.01.20
- 03.04.06
@@ -43,7 +43,7 @@ references:
- CM.L2-3.4.6
- CM.L2-3.4.7
macOS:
- '15.0'
- '26.0'
tags:
- i386
- 800-53r5_low

4
rules/os/os_directory_services_configured.yaml
View File

@@ -12,7 +12,7 @@ fix: |
Integrate the system into an existing directory services infrastructure.
references:
cce:
- CCE-94181-5
- N/A
cci:
- N/A
800-53r5:
@@ -29,7 +29,7 @@ references:
controls v8:
- 6.7
macOS:
- '15.0'
- '26.0'
tags:
- cisv8
severity: medium

4
rules/os/os_disk_image_disable.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94182-3
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/os/os_dvdram_disable.yaml
View File

@@ -23,7 +23,7 @@ fix: |
This is implemented by a Configuration Profile.
references:
cce:
- CCE-94183-1
- N/A
cci:
- N/A
800-53r5:
@@ -40,7 +40,7 @@ references:
- MP.L2-3.8.7
- MP.L2-3.8.8
macOS:
- '15.0'
- '26.0'
tags:
- cnssi-1253_low
- cnssi-1253_high

4
rules/os/os_enforce_access_restrictions.yaml
View File

@@ -12,7 +12,7 @@ fix: |
The technology inherently meets this requirement. No fix is required.
references:
cce:
- CCE-94184-9
- N/A
cci:
- N/A
800-53r5:
@@ -24,7 +24,7 @@ references:
srg:
- SRG-OS-000364-GPOS-00151
macOS:
- '15.0'
- '26.0'
tags:
- 800-53r5_high
- 800-53r4_high

Some files were not shown because too many files have changed in this diff Show More