usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

updates to tahoe

Browse Source
This commit is contained in:
Allen Golbig
2025-11-06 12:03:22 -05:00
parent ca618f9363
commit b00ae03b52
5 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
baselines/cis_lvl1.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 26.0: Security Configuration - CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1) - DRAFT"
title: "macOS 26.0: Security Configuration - CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1)"
description: |
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1) - DRAFT security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1) security baseline.
authors: |
*macOS Security Compliance Project*

4
baselines/cis_lvl2.yaml
View File

@@ -1,6 +1,6 @@
title: "macOS 26.0: Security Configuration - CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2) - DRAFT"
title: "macOS 26.0: Security Configuration - CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2)"
description: |
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2) - DRAFT security baseline.
This guide describes the actions to take when securing a macOS 26.0 system against the CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2) security baseline.
authors: |
*macOS Security Compliance Project*

4
includes/mscp-data.yaml
View File

@@ -83,8 +83,8 @@ titles:
800-53r5_moderate: NIST SP 800-53 Rev 5 Moderate Impact
800-53r5_low: NIST SP 800-53 Rev 5 Low Impact
800-171: NIST 800-171 Rev 3
cis_lvl1: CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1) - DRAFT
cis_lvl2: CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2) - DRAFT
cis_lvl1: CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 1)
cis_lvl2: CIS Apple macOS 26.0 Tahoe v1.0.0 Benchmark (Level 2)
cmmc_lvl1: US CMMC 2.0 Level 1
cmmc_lvl2: US CMMC 2.0 Level 2
cisv8: CIS Controls Version 8

2
rules/os/os_on_device_dictation_enforce.yaml
View File

@@ -4,6 +4,8 @@ discussion: |
Dictation _MUST_ be restricted to on device only to prevent potential data exfiltration.
The information system _MUST_ be configured to provide only essential capabilities.
IMPORTANT: This rule only applies to Apple Silicon devices.
check: |
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\

2
rules/os/os_unlock_active_user_session_disable.yaml
View File

@@ -7,7 +7,7 @@ discussion: |
NOTE: Configuring this setting will change the user experience and disable TouchID from unlocking the screensaver. A configuration profile will be generated to include the setting that restores the expected behavior. You can also apply the settings using `/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow screenUnlockMode -int 1`.
WARNING: This rule may cause issues when platformSSO is configured.
WARNING: Do not apply this rule if your organization uses smartcards and Platform Single Sign-On (PSSO).
check: |
RESULT="FAIL"
SS_RULE=$(/usr/bin/security -q authorizationdb read system.login.screensaver 2>&1 | /usr/bin/xmllint --xpath "//dict/key[.='rule']/following-sibling::array[1]/string/text()" -)