Merge branch 'monterey-cis' into monterey

monterey cis into monterey
2026-03-03 17:02:01 +00:00 · 2021-10-14 09:23:41 -04:00
parent 8d532ac68b ecbfd51910
commit c67c9790e7
126 changed files with 786 additions and 108 deletions
--- a/VERSION.yaml
+++ b/VERSION.yaml
@@ -1,3 +1,3 @@
 os: "12.0"
-version: "Monterey, Revision 1"
+version: "Monterey Guidance, Revision 1"
 date: "2021-XX-XX"
--- a/baselines/cisv8.yaml
+++ b/baselines/cisv8.yaml
@@ -0,0 +1,148 @@
+title: "macOS 12.0: Security Configuration - CIS Controls Version 8"
+description: |
+  This guide describes the actions to take when securing a macOS 12.0 system against the CIS Controls version 8 baseline.
+authors: |
+  CIS Critical Security Controls® (CIS Controls®) are referenced with the permission and support of the Center for Internet Security® (CIS®)
+  |===
+  |Edward Byrd|Center for Internet Security
+  |Bob Gendler|National Institute of Standards and Technology
+  |Dan Brodjieski|National Aeronautics and Space Administration
+  |Allen Golbig|JAMF
+  |===
+profile:
+  - section: "authentication"
+    rules:
+      - auth_pam_login_smartcard_enforce
+      - auth_pam_su_smartcard_enforce
+      - auth_pam_sudo_smartcard_enforce
+      - auth_smartcard_allow
+      - auth_smartcard_enforce
+      - auth_ssh_password_authentication_disable
+  - section: "auditing"
+    rules:
+      - audit_auditd_enabled
+      - audit_flags_aa_configure
+      - audit_flags_ad_configure
+      - audit_flags_ex_configure
+      - audit_flags_fd_configure
+      - audit_flags_fm_configure
+      - audit_flags_fr_configure
+      - audit_flags_fw_configure
+      - audit_flags_lo_configure
+      - audit_retention_configure
+  - section: "macos"
+    rules:
+      - os_airdrop_disable
+      - os_appleid_prompt_disable
+      - os_authenticated_root_enable
+      - os_bonjour_disable
+      - os_calendar_app_disable
+      - os_config_data_install_enforce
+      - os_directory_services_configured
+      - os_facetime_app_disable
+      - os_filevault_autologin_disable
+      - os_firewall_log_enable
+      - os_gatekeeper_enable
+      - os_gatekeeper_rearm
+      - os_handoff_disable
+      - os_hbss_installed
+      - os_httpd_disable
+      - os_icloud_storage_prompt_disable
+      - os_internet_accounts_prefpane_disable
+      - os_ir_support_disable
+      - os_mail_app_disable
+      - os_mdm_require
+      - os_messages_app_disable
+      - os_nfsd_disable
+      - os_parental_controls_enable
+      - os_password_autofill_disable
+      - os_password_proximity_disable
+      - os_password_sharing_disable
+      - os_privacy_setup_prompt_disable
+      - os_root_disable
+      - os_sip_enable
+      - os_siri_prompt_disable
+      - os_skip_unlock_with_watch_enabled
+      - os_tftpd_disable
+      - os_time_server_enabled
+      - os_touchid_prompt_disable
+      - os_uucp_disable
+  - section: "passwordpolicy"
+    rules:
+      - pwpolicy_60_day_enforce
+      - pwpolicy_account_inactivity_enforce
+      - pwpolicy_account_lockout_enforce
+      - pwpolicy_account_lockout_timeout_enforce
+      - pwpolicy_alpha_numeric_enforce
+      - pwpolicy_history_enforce
+      - pwpolicy_lower_case_character_enforce
+      - pwpolicy_minimum_length_enforce
+      - pwpolicy_minimum_lifetime_enforce
+      - pwpolicy_simple_sequence_disable
+      - pwpolicy_special_character_enforce
+      - pwpolicy_upper_case_character_enforce
+  - section: "icloud"
+    rules:
+      - icloud_addressbook_disable
+      - icloud_appleid_prefpane_disable
+      - icloud_bookmarks_disable
+      - icloud_calendar_disable
+      - icloud_drive_disable
+      - icloud_keychain_disable
+      - icloud_mail_disable
+      - icloud_notes_disable
+      - icloud_photos_disable
+      - icloud_reminders_disable
+      - icloud_sync_disable
+  - section: "systempreferences"
+    rules:
+      - sysprefs_airplay_receiver_disable
+      - sysprefs_bluetooth_disable
+      - sysprefs_bluetooth_sharing_disable
+      - sysprefs_content_caching_disable
+      - sysprefs_critical_update_install_enforce
+      - sysprefs_diagnostics_reports_disable
+      - sysprefs_filevault_enforce
+      - sysprefs_find_my_disable
+      - sysprefs_firewall_enable
+      - sysprefs_firewall_stealth_mode_enable
+      - sysprefs_guest_access_smb_disable
+      - sysprefs_guest_account_disable
+      - sysprefs_improve_siri_dictation_disable
+      - sysprefs_internet_sharing_disable
+      - sysprefs_location_services_disable
+      - sysprefs_media_sharing_disabled
+      - sysprefs_personalized_advertising_disable
+      - sysprefs_power_nap_disable
+      - sysprefs_rae_disable
+      - sysprefs_screen_sharing_disable
+      - sysprefs_screensaver_timeout_enforce
+      - sysprefs_siri_disable
+      - sysprefs_smbd_disable
+      - sysprefs_ssh_disable
+      - sysprefs_time_server_configure
+      - sysprefs_time_server_enforce
+      - sysprefs_wifi_disable
+  - section: "Inherent"
+    rules:
+      - os_logical_access
+      - os_malicious_code_prevention
+      - os_mfa_network_access
+      - os_obscure_password
+      - os_store_encrypted_passwords
+      - os_unique_identification
+      - pwpolicy_force_password_change
+  - section: "Permanent"
+    rules:
+      - os_auth_peripherals
+      - os_secure_name_resolution
+  - section: "not_applicable"
+    rules: 
+      - os_access_control_mobile_devices
+  - section: "Supplemental"
+    rules:
+      - supplemental_controls
+      - supplemental_filevault
+      - supplemental_firewall_pf
+      - supplemental_password_policy
+      - supplemental_smartcard
--- a/rules/audit/audit_auditd_enabled.yaml
+++ b/rules/audit/audit_auditd_enabled.yaml
@@ -61,6 +61,9 @@ references:
    - 3.3.1
    - 3.3.2
    - 3.3.7
+  cisv8:
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -72,6 +75,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_aa_configure.yaml
+++ b/rules/audit/audit_flags_aa_configure.yaml
@@ -37,6 +37,10 @@ references:
  800-171r2:
    - 3.3.1
    - 3.3.2
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -49,6 +53,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_ad_configure.yaml
+++ b/rules/audit/audit_flags_ad_configure.yaml
@@ -52,6 +52,10 @@ references:
    - 3.1.7
    - 3.3.1
    - 3.3.2
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -64,6 +68,7 @@ tags:
  - 800-53r5_low 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_ex_configure.yaml
+++ b/rules/audit/audit_flags_ex_configure.yaml
@@ -37,6 +37,10 @@ references:
  800-171r2:
    - 3.3.1
    - 3.3.2
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -49,5 +53,6 @@ tags:
  - 800-53r5_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_fd_configure.yaml
+++ b/rules/audit/audit_flags_fd_configure.yaml
@@ -42,6 +42,10 @@ references:
    - N/A
  800-171r2:
    - N/A
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -49,6 +53,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_fm_configure.yaml
+++ b/rules/audit/audit_flags_fm_configure.yaml
@@ -42,10 +42,15 @@ references:
    - N/A
  800-171r2:
    - N/A
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
  - stig
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_fr_configure.yaml
+++ b/rules/audit/audit_flags_fr_configure.yaml
@@ -44,6 +44,10 @@ references:
    - 3.3.1
    - 3.3.2
    - 3.3.8
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -56,6 +60,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_fw_configure.yaml
+++ b/rules/audit/audit_flags_fw_configure.yaml
@@ -43,6 +43,10 @@ references:
    - 3.3.1
    - 3.3.2
    - 3.3.8
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -55,6 +59,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_flags_lo_configure.yaml
+++ b/rules/audit/audit_flags_lo_configure.yaml
@@ -40,6 +40,10 @@ references:
    - 3.1.12
    - 3.3.1
    - 3.3.2
+  cisv8:
+    - 3.14
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -52,6 +56,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/audit/audit_off_load_records.yaml
+++ b/rules/audit/audit_off_load_records.yaml
@@ -23,6 +23,8 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 8.9
 macOS:
  - "12.0"
 tags:
--- a/rules/audit/audit_retention_configure.yaml
+++ b/rules/audit/audit_retention_configure.yaml
@@ -28,6 +28,9 @@ references:
    - N/A
  disa_stig:
    - N/A
+  cisv8:
+    - 8.3
+    - 8.1
 macOS:
  - "12.0"
 tags:
@@ -39,6 +42,7 @@ tags:
  - 800-53r5_moderate 
  - 800-53r5_high 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/auth/auth_pam_login_smartcard_enforce.yaml
+++ b/rules/auth/auth_pam_login_smartcard_enforce.yaml
@@ -52,6 +52,10 @@ references:
    - N/A
  800-171r2:
    - 3.5.3
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
@@ -63,6 +67,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/auth/auth_pam_su_smartcard_enforce.yaml
+++ b/rules/auth/auth_pam_su_smartcard_enforce.yaml
@@ -47,6 +47,10 @@ references:
    - N/A
  800-171r2:
    - 3.5.3
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
@@ -58,6 +62,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/auth/auth_pam_sudo_smartcard_enforce.yaml
+++ b/rules/auth/auth_pam_sudo_smartcard_enforce.yaml
@@ -46,6 +46,10 @@ references:
    - N/A
  800-171r2:
    - 3.5.3
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
@@ -57,6 +61,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/auth/auth_smartcard_allow.yaml
+++ b/rules/auth/auth_smartcard_allow.yaml
@@ -28,6 +28,10 @@ references:
    - N/A
  disa_stig:
    - N/A
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
@@ -38,6 +42,7 @@ tags:
  - 800-53r4_moderate
  - 800-53r4_high
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.security.smartcard:
--- a/rules/auth/auth_smartcard_enforce.yaml
+++ b/rules/auth/auth_smartcard_enforce.yaml
@@ -49,6 +49,10 @@ references:
    - 3.5.1
    - 3.5.2
    - 3.5.3
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
@@ -60,6 +64,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "high"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/auth/auth_ssh_password_authentication_disable.yaml
+++ b/rules/auth/auth_ssh_password_authentication_disable.yaml
@@ -48,9 +48,14 @@ references:
    - 3.5.2
    - 3.5.3
    - 3.7.5
+  cisv8:
+    - 6.3
+    - 6.4
+    - 6.5
 macOS:
  - "12.0"
 tags:
  - none
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/icloud/icloud_addressbook_disable.yaml
+++ b/rules/icloud/icloud_addressbook_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_appleid_prefpane_disable.yaml
+++ b/rules/icloud/icloud_appleid_prefpane_disable.yaml
@@ -32,6 +32,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -43,6 +46,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "high"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_bookmarks_disable.yaml
+++ b/rules/icloud/icloud_bookmarks_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_calendar_disable.yaml
+++ b/rules/icloud/icloud_calendar_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_drive_disable.yaml
+++ b/rules/icloud/icloud_drive_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_keychain_disable.yaml
+++ b/rules/icloud/icloud_keychain_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_mail_disable.yaml
+++ b/rules/icloud/icloud_mail_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_notes_disable.yaml
+++ b/rules/icloud/icloud_notes_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_photos_disable.yaml
+++ b/rules/icloud/icloud_photos_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_private_relay_disable.yaml
+++ b/rules/icloud/icloud_private_relay_disable.yaml
@@ -31,7 +31,12 @@ references:
  disa_stig:
    - N/A
  800-171r2:
-    - N/A
+    - 3.1.20
+    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3    
 macOS:
  - "12.0"
 tags:
--- a/rules/icloud/icloud_reminders_disable.yaml
+++ b/rules/icloud/icloud_reminders_disable.yaml
@@ -34,6 +34,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -45,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/icloud/icloud_sync_disable.yaml
+++ b/rules/icloud/icloud_sync_disable.yaml
@@ -33,6 +33,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -44,6 +48,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_access_control_mobile_devices.yaml
+++ b/rules/os/os_access_control_mobile_devices.yaml
@@ -23,6 +23,8 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 6.4
 macOS:
  - "12.0"
 tags:
@@ -30,5 +32,6 @@ tags:
  - 800-53r5_moderate
  - 800-53r5_high
  - n_a
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_airdrop_disable.yaml
+++ b/rules/os/os_airdrop_disable.yaml
@@ -35,6 +35,10 @@ references:
    - 3.1.16
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 6.7
 macOS:
  - "12.0"
 tags:
@@ -46,6 +50,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_appleid_prompt_disable.yaml
+++ b/rules/os/os_appleid_prompt_disable.yaml
@@ -25,6 +25,9 @@ references:
    - N/A
  800-171r2:
    - 3.1.20
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -36,6 +39,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_auth_peripherals.yaml
+++ b/rules/os/os_auth_peripherals.yaml
@@ -22,6 +22,8 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2      
+  cisv8:
+    - 13.9
 macOS:
  - "12.0"
 tags:
@@ -31,5 +33,6 @@ tags:
  - 800-53r4_high
  - cnssi-1253
  - permanent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_authenticated_root_enable.yaml
+++ b/rules/os/os_authenticated_root_enable.yaml
@@ -42,6 +42,8 @@ references:
    - 3.1.1
    - 3.1.2
    - 3.4.5
+  cisv8:
+    - 3.3
 macOS:
  - "12.0"
 tags:
@@ -53,5 +55,6 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_bonjour_disable.yaml
+++ b/rules/os/os_bonjour_disable.yaml
@@ -25,6 +25,9 @@ references:
    - N/A
  800-171r2:
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -36,6 +39,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_calendar_app_disable.yaml
+++ b/rules/os/os_calendar_app_disable.yaml
@@ -33,6 +33,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
    - "12.0"
 tags:
@@ -44,6 +47,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_config_data_install_enforce.yaml
+++ b/rules/os/os_config_data_install_enforce.yaml
@@ -30,12 +30,17 @@ references:
    - N/A
  800-171r2:
    - N/A
+  cisv8:
+    - 10.1
+    - 10.2
+    - 10.4
 macOS:
  - "12.0"
 tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.SoftwareUpdate:
--- a/rules/os/os_directory_services_configured.yaml
+++ b/rules/os/os_directory_services_configured.yaml
@@ -25,10 +25,13 @@ references:
    - N/A
  disa_stig:
    - N/A
+  cisv8:
+    - 6.7
 macOS:
  - "12.0"
 tags:
  - manual
+  - cisv8
 severity: "high"
 mobileconfig:
 mobileconfig_info:
--- a/rules/os/os_facetime_app_disable.yaml
+++ b/rules/os/os_facetime_app_disable.yaml
@@ -31,6 +31,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -42,6 +45,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_filevault_autologin_disable.yaml
+++ b/rules/os/os_filevault_autologin_disable.yaml
@@ -32,6 +32,9 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 6.7
 macOS:
  - "12.0"
 tags:
@@ -43,6 +46,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_firewall_log_enable.yaml
+++ b/rules/os/os_firewall_log_enable.yaml
@@ -33,6 +33,10 @@ references:
    - 3.13.1
    - 3.13.2
    - 3.13.5
+  cisv8:
+    - 4.5
+    - 8.2
+    - 8.5
 macOS:
  - "12.0"
 tags:
@@ -44,6 +48,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.security.firewall:
--- a/rules/os/os_gatekeeper_enable.yaml
+++ b/rules/os/os_gatekeeper_enable.yaml
@@ -37,6 +37,10 @@ references:
    - N/A
  800-171r2:
    - 3.4.5
+  cisv8:
+    - 10.1
+    - 10.2
+    - 10.5
 macOS:
  - "12.0"
 tags:
@@ -47,6 +51,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "high"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_gatekeeper_rearm.yaml
+++ b/rules/os/os_gatekeeper_rearm.yaml
@@ -24,6 +24,8 @@ references:
    - N/A
  800-171r2:
    - 3.4.5
+  cisv8:
+    - 10.5
 macOS:
  - "12.0"
 tags:
@@ -34,6 +36,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.ManagedClient.preferences:
--- a/rules/os/os_handoff_disable.yaml
+++ b/rules/os/os_handoff_disable.yaml
@@ -34,6 +34,9 @@ references:
    - 3.1.2
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -45,6 +48,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_hbss_installed.yaml
+++ b/rules/os/os_hbss_installed.yaml
@@ -22,10 +22,16 @@ references:
    - N/A
  disa_stig: 
    - N/A
+  cisv8:
+    - 10.1
+    - 10.2
+    - 10.6
+    - 10.7
 macOS:
  - "12.0"
 tags:
  - manual
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_httpd_disable.yaml
+++ b/rules/os/os_httpd_disable.yaml
@@ -30,6 +30,9 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 6.7
 macOS:
  - "12.0"
 tags:
@@ -41,6 +44,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_icloud_storage_prompt_disable.yaml
+++ b/rules/os/os_icloud_storage_prompt_disable.yaml
@@ -25,6 +25,9 @@ references:
    - N/A
  800-171r2:
    - 3.1.20
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -36,6 +39,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_internet_accounts_prefpane_disable.yaml
+++ b/rules/os/os_internet_accounts_prefpane_disable.yaml
@@ -31,6 +31,9 @@ references:
    - N/A
  800-171r2:
    - 3.1.20
+  cisv8:
+    - 4.8
+    - 15.2
 macOS:
  - "12.0"
 tags:
@@ -42,6 +45,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_ir_support_disable.yaml
+++ b/rules/os/os_ir_support_disable.yaml
@@ -32,6 +32,10 @@ references:
  800-171r2:
    - 3.1.16
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 12.6
 macOS:
  - "12.0"
 tags:
@@ -43,6 +47,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.ManagedClient.preferences:
--- a/rules/os/os_logical_access.yaml
+++ b/rules/os/os_logical_access.yaml
@@ -26,6 +26,9 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 6.7
 macOS:
  - "12.0"
 tags:
@@ -38,5 +41,6 @@ tags:
  - 800-171
  - cnssi-1253
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_mail_app_disable.yaml
+++ b/rules/os/os_mail_app_disable.yaml
@@ -35,6 +35,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -46,6 +49,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_malicious_code_prevention.yaml
+++ b/rules/os/os_malicious_code_prevention.yaml
@@ -45,6 +45,10 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 10.1
+    - 10.2
+    - 10.5
 macOS:
  - "12.0"
 tags:
@@ -52,5 +56,6 @@ tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_mdm_require.yaml
+++ b/rules/os/os_mdm_require.yaml
@@ -42,6 +42,9 @@ references:
  800-171r2:
    - 3.4.1
    - 3.4.2
+  cisv8:
+    - 4.1
+    - 5.1
 macOS:
  - "12.0"
 tags:
@@ -53,5 +56,6 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_messages_app_disable.yaml
+++ b/rules/os/os_messages_app_disable.yaml
@@ -31,6 +31,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -42,6 +45,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_mfa_network_access.yaml
+++ b/rules/os/os_mfa_network_access.yaml
@@ -20,9 +20,12 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 5.6
 macOS:
  - "12.0"
 tags:
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_nfsd_disable.yaml
+++ b/rules/os/os_nfsd_disable.yaml
@@ -29,6 +29,9 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 6.7
 macOS:
  - "12.0"
 tags:
@@ -40,6 +43,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_obscure_password.yaml
+++ b/rules/os/os_obscure_password.yaml
@@ -29,6 +29,8 @@ references:
    - 3.5.1
    - 3.5.2
    - 3.5.11
+  cisv8:
+    - 4.1
 macOS:
  - "12.0"
 tags:
@@ -41,5 +43,6 @@ tags:
  - 800-171
  - cnssi-1253
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_parental_controls_enable.yaml
+++ b/rules/os/os_parental_controls_enable.yaml
@@ -28,6 +28,8 @@ references:
    - N/A
  800-171r2:
    - 3.4.7
+  cisv8:
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -37,6 +39,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess.new:
--- a/rules/os/os_password_autofill_disable.yaml
+++ b/rules/os/os_password_autofill_disable.yaml
@@ -35,6 +35,9 @@ references:
    - 3.4.6
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -46,6 +49,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_password_proximity_disable.yaml
+++ b/rules/os/os_password_proximity_disable.yaml
@@ -31,6 +31,9 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -42,6 +45,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_password_sharing_disable.yaml
+++ b/rules/os/os_password_sharing_disable.yaml
@@ -28,6 +28,9 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -39,6 +42,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/os/os_privacy_setup_prompt_disable.yaml
+++ b/rules/os/os_privacy_setup_prompt_disable.yaml
@@ -25,10 +25,14 @@ references:
    - N/A
  disa_stig: 
    - N/A
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
  - none
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_root_disable.yaml
+++ b/rules/os/os_root_disable.yaml
@@ -27,6 +27,8 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 4.7
 macOS:
  - "12.0"
 tags:
@@ -38,5 +40,6 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_secure_name_resolution.yaml
+++ b/rules/os/os_secure_name_resolution.yaml
@@ -24,6 +24,8 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 4.9
 macOS:
  - "12.0"
 tags:
@@ -35,5 +37,6 @@ tags:
  - 800-53r4_high
  - cnssi-1253
  - permanent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_sip_enable.yaml
+++ b/rules/os/os_sip_enable.yaml
@@ -65,6 +65,10 @@ references:
    - 3.3.8
    - 3.4.5
    - 3.13.4
+  cisv8:
+    - 2.6
+    - 3.3
+    - 10.5
 macOS:
  - "12.0"
 tags:
@@ -76,6 +80,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_siri_prompt_disable.yaml
+++ b/rules/os/os_siri_prompt_disable.yaml
@@ -31,6 +31,9 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -42,6 +45,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_skip_unlock_with_watch_enabled.yaml
+++ b/rules/os/os_skip_unlock_with_watch_enabled.yaml
@@ -25,6 +25,8 @@ references:
    - N/A
  800-171r2:
    - 3.1.20
+  cisv8:
+    - 4.1    
 macOS:
  - "12.0"
 tags:
@@ -36,6 +38,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8  
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/os/os_store_encrypted_passwords.yaml
+++ b/rules/os/os_store_encrypted_passwords.yaml
@@ -30,6 +30,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 3.11
 macOS:
  - "12.0"
 tags:
@@ -42,5 +44,6 @@ tags:
  - 800-171
  - cnssi-1253
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_tftpd_disable.yaml
+++ b/rules/os/os_tftpd_disable.yaml
@@ -35,6 +35,10 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 3.1
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -46,6 +50,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "high"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_time_server_enabled.yaml
+++ b/rules/os/os_time_server_enabled.yaml
@@ -30,6 +30,8 @@ references:
    - N/A
  800-171r2:
    - 3.3.7
+  cisv8:
+    - 8.4
 macOS:
  - "12.0"
 tags:
@@ -40,6 +42,7 @@ tags:
  - 800-53r5_high 
  - 800-53r4_moderate 
  - 800-53r4_high
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_touchid_prompt_disable.yaml
+++ b/rules/os/os_touchid_prompt_disable.yaml
@@ -26,6 +26,8 @@ references:
  800-171r2:
    - 3.4.1
    - 3.4.2
+  cisv8:
+    - 4.1
 macOS:
  - "12.0"
 tags:
@@ -37,6 +39,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.SetupAssistant.managed:
--- a/rules/os/os_unique_identification.yaml
+++ b/rules/os/os_unique_identification.yaml
@@ -19,6 +19,9 @@ references:
    - N/A
  srg:
    - N/A
+  cisv8:
+    - 5.1
+    - 6.1
 macOS:
  - "12.0"
 tags:
@@ -26,5 +29,6 @@ tags:
  - 800-53r5_moderate
  - 800-53r5_high
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/os/os_uucp_disable.yaml
+++ b/rules/os/os_uucp_disable.yaml
@@ -33,6 +33,10 @@ references:
  800-171r2:
    - 3.1.1
    - 3.1.2
+  cisv8:
+    - 3.3
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -44,6 +48,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_60_day_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_60_day_enforce.yaml
@@ -33,6 +33,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 4.7
 macOS:
  - "12.0"
 tags:
@@ -44,6 +46,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_account_inactivity_enforce.yaml
@@ -50,6 +50,8 @@ references:
  800-171r2:
    - 3.5.5
    - 3.5.6
+  cisv8:
+    - 5.3
 macOS:
  - "12.0"
 tags:
@@ -60,5 +62,6 @@ tags:
  - 800-53r4_high
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_account_lockout_enforce.yaml
@@ -25,6 +25,8 @@ references:
    - N/A
  800-171r2:
    - 3.1.8
+  cisv8:
+    - 4.1
 macOS:
  - "12.0"
 tags:
@@ -36,6 +38,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_account_lockout_timeout_enforce.yaml
@@ -25,6 +25,8 @@ references:
    - N/A
  800-171r2:
    - 3.1.8
+  cisv8:
+    - 4.1
 macOS:
  - "12.0"
 tags:
@@ -36,6 +38,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_alpha_numeric_enforce.yaml
@@ -33,6 +33,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -44,6 +46,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_force_password_change.yaml
+++ b/rules/pwpolicy/pwpolicy_force_password_change.yaml
@@ -36,6 +36,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -48,5 +50,6 @@ tags:
  - 800-53r5_moderate
  - 800-53r5_high
  - inherent
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_history_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_history_enforce.yaml
@@ -32,6 +32,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -43,6 +45,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_lower_case_character_enforce.yaml
@@ -57,6 +57,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -68,5 +70,6 @@ tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml
@@ -33,6 +33,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -44,6 +46,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_minimum_lifetime_enforce.yaml
@@ -54,6 +54,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 4.7
 macOS:
  - "12.0"
 tags:
@@ -65,5 +67,6 @@ tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml
+++ b/rules/pwpolicy/pwpolicy_simple_sequence_disable.yaml
@@ -33,6 +33,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -44,6 +46,7 @@ tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high 
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.mobiledevice.passwordpolicy:
--- a/rules/pwpolicy/pwpolicy_special_character_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_special_character_enforce.yaml
@@ -35,6 +35,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -46,6 +48,7 @@ tags:
  - 800-53r5_low 
  - 800-53r5_moderate 
  - 800-53r5_high
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml
+++ b/rules/pwpolicy/pwpolicy_upper_case_character_enforce.yaml
@@ -57,6 +57,8 @@ references:
    - 3.5.8
    - 3.5.9
    - 3.5.10
+  cisv8:
+    - 5.2
 macOS:
  - "12.0"
 tags:
@@ -68,5 +70,6 @@ tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml
+++ b/rules/sysprefs/sysprefs_airplay_receiver_disable.yaml
@@ -27,13 +27,17 @@ references:
  disa_stig: 
    - N/A
  800-171r2:
-    - N/A
+    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8    
 macOS:
  - "12.0"
 tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8  
 mobileconfig: true
 mobileconfig_info:
  com.apple.controlcenter:
--- a/rules/sysprefs/sysprefs_bluetooth_disable.yaml
+++ b/rules/sysprefs/sysprefs_bluetooth_disable.yaml
@@ -31,6 +31,10 @@ references:
    - N/A
  800-171r2:
    - 3.13.8
+  cisv8:
+    - 4.8
+    - 12.6
+    - 13.9
 macOS:
  - "12.0"
 tags:
@@ -41,6 +45,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "low"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml
+++ b/rules/sysprefs/sysprefs_bluetooth_sharing_disable.yaml
@@ -46,6 +46,10 @@ references:
    - 3.1.2
    - 3.1.16
    - 3.4.7
+  cisv8:
+    - 3.3
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -57,6 +61,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:

--- a/rules/sysprefs/sysprefs_content_caching_disable.yaml
+++ b/rules/sysprefs/sysprefs_content_caching_disable.yaml
@@ -27,6 +27,9 @@ references:
    - N/A
  800-171r2:
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -38,6 +41,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml
+++ b/rules/sysprefs/sysprefs_critical_update_install_enforce.yaml
@@ -23,12 +23,17 @@ references:
    - N/A
  800-171r2:
    - N/A
+  cisv8:
+    - 7.3
+    - 7.4
+    - 7.7
 macOS:
  - "12.0"
 tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.SoftwareUpdate:
--- a/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml
+++ b/rules/sysprefs/sysprefs_diagnostics_reports_disable.yaml
@@ -28,6 +28,9 @@ references:
    - N/A
  800-171r2:
    - 3.1.20
+  cisv8:
+    - 4.1
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -39,6 +42,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_filevault_enforce.yaml
+++ b/rules/sysprefs/sysprefs_filevault_enforce.yaml
@@ -29,6 +29,9 @@ references:
    - N/A
  800-171r2:
    - 3.13.16
+  cisv8:
+    - 3.6
+    - 3.11
 macOS:
  - "12.0"
 tags:
@@ -38,6 +41,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: false
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_find_my_disable.yaml
+++ b/rules/sysprefs/sysprefs_find_my_disable.yaml
@@ -32,6 +32,10 @@ references:
  800-171r2:
    - 3.1.20
    - 3.4.6
+  cisv8:
+    - 4.1
+    - 4.8
+    - 15.3
 macOS:
  - "12.0"
 tags:
@@ -43,6 +47,7 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: true
 mobileconfig_info:
  com.apple.applicationaccess:
--- a/rules/sysprefs/sysprefs_firewall_enable.yaml
+++ b/rules/sysprefs/sysprefs_firewall_enable.yaml
@@ -41,6 +41,10 @@ references:
    - 3.13.1
    - 3.13.2
    - 3.13.5
+  cisv8:
+    - 4.1
+    - 4.5
+    - 13.1
 macOS:
  - "12.0"
 tags:
@@ -52,6 +56,7 @@ tags:
  - 800-53r5_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml
+++ b/rules/sysprefs/sysprefs_firewall_stealth_mode_enable.yaml
@@ -37,6 +37,10 @@ references:
    - 3.13.1
    - 3.13.2
    - 3.13.5
+  cisv8:
+    - 4.1
+    - 4.5
+    - 4.8
 macOS:
  - "12.0"
 tags:
@@ -48,6 +52,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "medium"
 mobileconfig: true
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_guest_access_smb_disable.yaml
+++ b/rules/sysprefs/sysprefs_guest_access_smb_disable.yaml
@@ -31,6 +31,10 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 5.2
+    - 6.2
+    - 6.8
 macOS:
  - "12.0"
 tags:
@@ -42,5 +46,6 @@ tags:
  - 800-53r4_high
  - 800-171
  - cnssi-1253
+  - cisv8
 mobileconfig: false
 mobileconfig_info:
--- a/rules/sysprefs/sysprefs_guest_account_disable.yaml
+++ b/rules/sysprefs/sysprefs_guest_account_disable.yaml
@@ -28,6 +28,10 @@ references:
  800-171r2:
    - 3.5.1
    - 3.5.2
+  cisv8:
+    - 5.2
+    - 6.2
+    - 6.8
 macOS:
  - "12.0"
 tags:
@@ -39,6 +43,7 @@ tags:
  - 800-53r4_high 
  - 800-171 
  - cnssi-1253
+  - cisv8
 severity: "high"
 mobileconfig: true
 mobileconfig_info:
--- a/Show More
+++ b/Show More