chore: updates for 3.0 release

2026-02-03 14:03:24 +00:00 · 2025-09-11 12:20:38 -04:00
parent 857ddf0739
commit 6740fc977a
6 changed files with 59 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,57 @@

 This document provides a high-level view of the changes to the macOS Security Compliance Project.

+## [Sequoia, Revision 3.0] - 2025-09-11
+* Rules
+  * Modified Rules
+    * auth_smartcard_certificate_trust_enforce_high
+    * os_authenticated_root_enable
+    * os_ess_installed
+    * os_external_storage_access_defined
+    * os_home_folders_secure
+    * os_iphone_mirroring_disable
+    * os_network_storage_restriction
+    * os_recovery_lock_enable
+    * os_screensaver_timeout_loginwindow_enforce
+    * os_secure_boot_verify
+    * os_unlock_active_user_session_disable
+    * os_world_writable_library_folder_configure
+    * pwpolicy_account_lockout_enforce
+    * pwpolicy_account_lockout_timeout_enforce
+    * pwpolicy_history_enforce
+    * pwpolicy_lower_case_character_enforce
+    * pwpolicy_max_lifetime_enforce
+    * pwpolicy_minimum_length_enforce
+    * pwpolicy_minimum_lifetime_enforce
+    * pwpolicy_special_character_enforce
+    * pwpolicy_upper_case_character_enforce
+    * supplemental_password_policy
+    * system_settings_bluetooth_sharing_disable
+    * system_settings_external_intelligence_disable
+    * system_settings_external_intelligence_sign_in_disable
+    * system_settings_filevault_enforce
+    * system_settings_hot_corners_secure
+    * system_settings_location_services_menu_enforce
+    * system_settings_remote_management_disable
+    * system_settings_time_machine_encrypted_configure
+  * Bug Fixes
+* Baselines
+  * Modified existing baselines
+* Scripts
+  * generate_baseline
+    * Updated regex
+  * generate_guidance
+    * Added flag for consolidated configuration profile
+    * Updated DDM logic for nested keys
+    * Added shell check to compliance script
+    * Updated current user check in compliance script
+    * Support for Managed Arguments in compliance script
+    * Bug Fixes
+  * generate_scap
+    * Support for oval 5.12.1
+    * Support for scap 1.4
+    * Added shellcommand for all tests
+
 ## [Sequoia, Revision 2.0] - 2025-07-01
 * Rules
  * Added Rules
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ Civilian agencies are to use the National Checklist Program as required by [NIST
 |Dan Brodjieski|NASA
 |John Mahlman IV|Leidos
 |Aaron Kegerreis|DISA
-|Henry Stamerjohann|Zentral Pro Services GmbH
+|Henry Stamerjohann|Declarative IT GmbH
 |Marco A Piñeryo II|State Department
 |Jason Blake|NIST
 |Blair Heiserman|NIST
--- a/VERSION.yaml
+++ b/VERSION.yaml
@@ -1,5 +1,5 @@
 os: "15.0"
 platform: macOS
-version: "Sequoia Guidance, Revision 2.0"
+version: "Sequoia Guidance, Revision 3.0"
 cpe: o:apple:macos:15.0
-date: "2025-07-01"
+date: "2025-09-11"
--- a/baselines/DISA-STIG.yaml
+++ b/baselines/DISA-STIG.yaml
@@ -77,7 +77,6 @@ profile:
      - os_config_data_install_enforce
      - os_dictation_disable
      - os_erase_content_and_settings_disable
-      - os_ess_installed
      - os_facetime_app_disable
      - os_filevault_autologin_disable
      - os_firmware_password_require
@@ -89,6 +88,7 @@ profile:
      - os_icloud_storage_prompt_disable
      - os_image_generation_disable
      - os_install_log_retention_configure
+      - os_iphone_mirroring_disable
      - os_loginwindow_adminhostinfo_undefined
      - os_mdm_require
      - os_newsyslog_files_owner_group_configure
@@ -135,7 +135,6 @@ profile:
      - pwpolicy_account_lockout_timeout_enforce
      - pwpolicy_alpha_numeric_enforce
      - pwpolicy_custom_regex_enforce
-      - pwpolicy_history_enforce
      - pwpolicy_max_lifetime_enforce
      - pwpolicy_minimum_length_enforce
      - pwpolicy_minimum_lifetime_enforce
--- a/baselines/cis_lvl1.yaml
+++ b/baselines/cis_lvl1.yaml
@@ -94,6 +94,7 @@ profile:
      - system_settings_improve_siri_dictation_disable
      - system_settings_install_macos_updates_enforce
      - system_settings_internet_sharing_disable
+      - system_settings_location_services_menu_enforce
      - system_settings_loginwindow_loginwindowtext_enable
      - system_settings_loginwindow_prompt_username_password_enforce
      - system_settings_password_hints_disable
--- a/baselines/cnssi-1253_moderate.yaml
+++ b/baselines/cnssi-1253_moderate.yaml
@@ -283,3 +283,6 @@ profile:
      - os_managed_access_control_points
      - os_non_repudiation
      - os_nonlocal_maintenance
+  - section: "Supplemental"
+    rules:
+      - supplemental_password_policy