removed deleted rule and edited discussion

2026-03-04 09:13:19 +00:00 · 2020-09-22 14:32:51 -04:00
parent f6e3f4cec7
commit c45c52db87
5 changed files with 5 additions and 3 deletions
--- a/baselines/800-53_high.yaml
+++ b/baselines/800-53_high.yaml
@@ -124,7 +124,6 @@ profile:
      - os_ssh_fips_140_ciphers
      - os_ssh_fips_140_macs
      - os_ssh_login_grace_time_configure
-      - os_ssh_max_sessions_configure
      - os_ssh_permit_root_login_configure
      - os_sudoers_tty_configure
      - os_system_wide_preferences_configure
@@ -154,7 +153,6 @@ profile:
      - os_fail_secure_state
      - os_implement_memory_protection
      - os_implement_cryptography
-      - os_implement_random_address_space
      - os_isolate_security_functions
      - os_limit_gui_sessions
      - os_logical_access
--- a/rules/os/os_implement_cryptography.yaml
+++ b/rules/os/os_implement_cryptography.yaml
@@ -8,6 +8,7 @@ discussion: |
  macOS Catalina is in process of receiving FIPS validation from the National Institute of Standards and Technology (NIST).

  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List[]
+  
  link:https://support.apple.com/en-us/HT201159[]
 check: |
  The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement using FIPS Validated Cryptographic Modules.
--- a/rules/os/os_implement_memory_protection.yaml
+++ b/rules/os/os_implement_memory_protection.yaml
@@ -8,7 +8,9 @@ discussion: |
  macOS supports address space layout randomization (ASLR), position-independent executable (PIE), Stack Canaries, and NX stack and heap protection.

  link:https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/64bitPorting/transition/transition.html[]
+  
  link:https://developer.apple.com/library/archive/qa/qa1788/_index.html[]
+
  link:https://www.apple.com/macos/security/[]
  
 check: |
--- a/rules/os/os_required_crypto_module.yaml
+++ b/rules/os/os_required_crypto_module.yaml
@@ -6,6 +6,7 @@ discussion: |
  macOS Catalina is in process of receiving FIPS validation from the National Institute of Standards and Technology (NIST).

  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List[]
+  
  link:https://support.apple.com/en-us/HT201159[]
 check: |
  The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
--- a/rules/pwpolicy/pwpolicy_emergency_accounts_disable.yaml
+++ b/rules/pwpolicy/pwpolicy_emergency_accounts_disable.yaml
@@ -1,7 +1,7 @@
 id: pwpolicy_emergency_accounts_disable
 title: "Automatically Remove or Disable Emergency Accounts within 72 Hours"
 discussion: |
-  The macOS MUST be configured to automatically remove or disable emergency accounts within 72 hours or less. 
+  The macOS is able to be configured to automatically remove or disable emergency accounts within 72 hours or less. 

  Emergency administrator accounts are privileged accounts established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability.