usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-09 08:12:18 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,460 Commits 26 Branches 61 Tags
505-create-python-scp-library
Commit Graph

39 Commits

Author SHA1 Message Date
Dan Brodjieski
828e25f700 updates to merge process 2025-04-09 11:35:49 -04:00
Allen Golbig
a43c9db55a Update discussions.yaml 2025-04-08 20:19:09 -04:00
Bob Gendler
c9bc70f3cb Updated discussions.yaml 2025-04-08 15:44:44 -04:00
Dan Brodjieski
991c5aaffe add function to read discussions.yaml 2025-04-08 15:35:00 -04:00
Dan Brodjieski
31f4902e58 updated schema 2025-04-08 09:28:42 -04:00
Bob Gendler
30d4a1af04 Sequoia Release 1.1 (#457) 
* refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

* refactor[rules]ccis added

New CCIs added to rules

* refactor[rules] SRGs added

New SRGs added to stig rules

* refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

* refactor[rules] Added, Removed, Updated rules

- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig

* refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

* refactor[rules]Added new STIG IDs

Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable

* Added new rule file

* Add APPL-15-002023

* added APPL-15-002024

* fix[rules] removed tags for rules removed

removed tags from rules removed from cis

* added os_time_server_enable back to cis

* Update Gitignore

* Updating CIS benchmark and tags in missed rules.

* refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

* refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

* Fixed ODV regression for CIS

* added missing path to grep

* removed [ ]

* Fix to not print, and fix multiple entries in .ssh/config

* added dev null redirection, prevention of double entries

* Fixed bin to dev and case insensitive sed

* 800-171 Rev 2 to Rev 3

* Updated media sharing key

* Updated STIG ID

* merge from sequoia

* refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

* slightly simplier fix. removed unneeded loop

* slightly simplier fix. removed unneeded loop

* Adjusting CIS numbering.

* fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

* fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

* fix[rule] added reference

Added reference to os_sudo_log_enforce

* refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title

* renamed .yml to .yaml

* changes for upcoming cis release

* refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

* refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

* refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

* udpdated baseline files

* [fix]system_settings_sleep_enforce sleep/displaysleep swap

* updated title

* fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue #443

* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

* Fixing Sleep/displaysleep numbers based on CIS changes.

* Fixing os_sleep_and_display_sleep_apple_silicon_enable

* Removing DRAFT status from CIS

* [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

* refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

* fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

* Update system_settings_improve_assistive_voice_disable

Issue #450

* refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

* refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

* Issue #450

* updated pwpolicy

* Added CCEs

* Removed double stig tag

* updated baseline files

* updated changelog

* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

* updated changelog

* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock

* refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue #451

* refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

* updated release date and version

* Added uniq to prevent false negatives

* updated authors

* updated release date

---------

Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-12-16 10:24:59 -05:00
Bob Gendler
bdd06fd928 refactor[baselines] Added baseline files 
Added baseline files
Edit mscp-data to reflect 15.x not 14.
 2024-09-09 21:09:56 -04:00
Bob Gendler
98c46e62ef updated supported payloads. copied sudo_log from stig 2024-09-04 10:53:39 -04:00
Bob Gendler
539cdfd83d refactor[rules] Added Disk Management DDM 
Added com.apple.configuration.diskmanagement.settings to mscp-data
Added os_external_storage_restriction
Added os_network_storage_restriction
 2024-07-26 14:50:43 -04:00
Bob Gendler
96ade12e2f feat[ddm] Added DDM to sequoia 
Updated scripts and rule files
 2024-07-24 14:00:10 -04:00
Dan Brodjieski
08dc48ec77 fix: removed duplicate policies 
Removed password policies from the pwpolicy.xml file that can be set with a profile.

Issue #373
 2024-03-04 15:39:54 -05:00
Dan Brodjieski
7ff8240bca chore[baseline]: updated STIG yaml 
removed unneeded support files
 2024-01-31 12:24:14 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Bob Gendler
49a8b1663d refactor[includes] Updated enablePF-mscp.sh 
Updated script based on slack discussion
 2023-11-28 10:39:21 -05:00
Dan Brodjieski
37b00778fc Merge branch 'dev_sonoma' into dev_sonoma_disa 
Attempt to resync latest Sonoma changes
 2023-09-14 15:18:30 -04:00
Dan Brodjieski
5acbdbd21e chore: clean up extraneous trailing whitespace 2023-09-14 14:21:06 -04:00
Dan Brodjieski
861d14815b refactor[stig]: merged SRGs from DISA 
Rewrote all the rule yaml files to have correct SRG references.
Added scripts to work with new STIG workflows.
 2023-08-31 11:37:33 -04:00
Allen Golbig
c396f18b24 feat[baseline] dev_sonoma 
dev_sonoma
 2023-07-13 22:17:34 -04:00
Bob Gendler
85e2d68fe4 [refactor] rules, baselines, includes 
Added cnssi and disa stig to mscp-data.yaml
Generated updated baseline files
Fixed merge issue with audit_files_owner_configure
 2023-06-22 13:01:59 -04:00
Bob Gendler
fc9d45b03c Merge branch 'dev_ventura_cmmc' into ventura 2023-06-22 12:23:41 -04:00
Bob Gendler
0d719fc53e added com.apple.sharingd payload 2023-06-22 10:56:50 -04:00
Allen Golbig
9e29b7c86c refactor[rules] removed level 3 from cmmc 
Removed lvl 3 from cmmc
 2023-05-25 16:25:41 -04:00
Allen Golbig
74c536f3ef fix[mscp-data] Fixed titles for cmmc baselines 
Fixed titles for cmmc baselines
 2023-04-27 17:22:58 -04:00
mahlmanj
318cc09cd3 Updating temaples and scripts 2022-12-19 12:23:46 -05:00
Allen Golbig
bf89986362 fix[helperfile] fixed mscp-data file 
Added All Rules title to mscp-data.yaml
 2022-12-05 14:41:38 -05:00
Allen Golbig
5bf1f70f45 feat[script] Additional Authors 
Sync changes from monterey to support additional authors

Issue #105
 2022-12-01 19:24:34 -05:00
Bob Gendler
2434a22cdb refactor [includes] Added additional domain 
Added additional payload domain com.apple.locationmenu
 2022-10-18 17:20:33 -04:00
Bob Gendler
16bf58f49d refactor[smartcards] Added info on ignoreARD key 
Created information in supplemental and authorization header on the
ignoreARD key for smartcards and screen sharing and screen recording.
 2022-09-20 16:20:13 -04:00
Allen Golbig
cb9c041553 #106 2022-02-15 21:06:17 -05:00
Allen Golbig
ce6040e7ce added cis rules 2022-01-12 15:08:58 -05:00
Allen Golbig
63a0ac8a3d additional cis controls 2021-12-28 08:50:09 -05:00
Dan Brodjieski
5ba3ccf0bc Fixed logic for supported payloads 2021-10-18 12:30:03 -04:00
Allen Golbig
c98af8e4ba firewall log changes 2021-08-25 13:51:59 -04:00
Allen Golbig
838fdc372f fixed mcx for guest account 2021-01-20 10:50:38 -05:00
Dan Brodjieski
5492ee6195 added globalpreferences to supported payloads 2020-10-02 16:13:32 -04:00
Dan Brodjieski
cea72947bd custom templates now supported 2020-09-14 10:50:59 -04:00
Bob Gendler
d2268e3d8b Update supported_payloads.yaml 2020-06-19 11:48:17 -04:00
Bob Gendler
32452073de Initial content commit 2020-06-11 17:47:26 -04:00