Dan Brodjieski
7fffa815aa
proposed 2.0 schema and rules
2025-04-17 12:43:36 -04:00
Bob Gendler
93a1efcf38
updated 2.0 rules
2025-04-03 13:34:32 -04:00
Bob Gendler
35484aec01
refactor[rules] Updated 2.0 format rules
Rebuilt rules with updated platform name
2025-04-03 10:05:07 -04:00
Bob Gendler
d012ee1203
Redo 2.0 rules
2025-03-12 12:55:52 -04:00
Bob Gendler
8292bd72e7
Initial 2.0 dev rules
2025-03-12 10:28:05 -04:00
Bob Gendler
30d4a1af04
Sequoia Release 1.1 (#457)
* refactor[rules] STIG IDs
Initial STIG-IDs added to rule files.
* refactor[rules]ccis added
New CCIs added to rules
* refactor[rules] SRGs added
New SRGs added to stig rules
* refactor[rule] pwpolicy_custom_regex_enforce
Remove unneeded SRG
* refactor[rules] Added, Removed, Updated rules
- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig
* refactor[rules] Removed from STIG
Removed CCI, SRG, STIG ID, and STIG tag
* refactor[rules]Added new STIG IDs
Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable
* Added new rule file
* Add APPL-15-002023
* added APPL-15-002024
* fix[rules] removed tags for rules removed
removed tags from rules removed from cis
* added os_time_server_enable back to cis
* Update Gitignore
* Updating CIS benchmark and tags in missed rules.
* refactor[rules]ssh fips and sshd fips
Updated check and fix for ssh and sshd for FIPS
* refactor[rules]ssh and sshd fips
added check into sshd to not fix if proper
* Fixed ODV regression for CIS
* added missing path to grep
* removed [ ]
* Fix to not print, and fix multiple entries in .ssh/config
* added dev null redirection, prevention of double entries
* Fixed bin to dev and case insensitive sed
* 800-171 Rev 2 to Rev 3
* Updated media sharing key
* Updated STIG ID
* merge from sequoia
* refactor[rules] ssh fixes
Updated ssh fixes to match os_ssh_fips_compliant
* slightly simpler fix. removed unneeded loop
* slightly simpler fix. removed unneeded loop
* Adjusting CIS numbering.
* fix[rule] fixed path
Fixed path in system_settings_system_wide_preferences_configure
* fix[rule] fixed path on line 63
fixed path in system_settings_system_wide_preferences_configure
* fix[rule] added reference
Added reference to os_sudo_log_enforce
* refactor[rules] Added, Modified and deleted rules
Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title
* renamed .yml to .yaml
* changes for upcoming cis release
* refactor - DISA STIG
references updated to sequoia for DISA STIG
baseline file created for disa stig
* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules
* refactor[rules] CNSSI tags added
Added CNSSI1253 low, moderate, high tags
* refactor[baselines] Updated baseline files
Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files
* updated baseline files
* [fix]system_settings_sleep_enforce sleep/displaysleep swap
* updated title
* fix[rule] remove cis tags and reference
remove cis ref & tag from system_settings_improve_search_disable
issue #443
* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable
* Fixing Sleep/displaysleep numbers based on CIS changes.
* Fixing os_sleep_and_display_sleep_apple_silicon_enable
* Removing DRAFT status from CIS
* [fix]rule world writable library folder
os_world_writable_library_folder_configure
issue# 445
* refactor[rules] Added missing CCEs
Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable
* fix[rule] updated odv hint
pwpolicy_custom_regex_enforce odv hint updated
* Update system_settings_improve_assistive_voice_disable
Issue #450
* refactor[rules]pwpolicy updates
Removed 800-53 and 800-171 tags
Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09
* refactor[rules] Added external intelligence rules
Added rules to disable external intelligence features for 15.2
* Issue #450
* updated pwpolicy
* Added CCEs
* Removed double stig tag
* updated baseline files
* updated changelog
* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml
* updated changelog
* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock
* refactor[rule] pwpolicy_special_character_enforce
Updated check to allow greater than ODV.
Issue #451
* refactor[rules] ssh rules discussion update
Added mention of /usr/libexec/reset-ssh-configuration.
* updated release date and version
* Added uniq to prevent false negatives
* updated authors
* updated release date
---------
Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
2024-12-16 10:24:59 -05:00
Bob Gendler
3a327020a3
refactor[rules] CCEs added
Added NIST issued CCEs
2024-09-09 20:50:49 -04:00
Bob Gendler
9271106cd6
refactor[rules] Converted 171r2 to 171r3
Added 171r3 to some rules
Converted 171r2 to r3 in most rules
2024-09-01 21:28:47 -04:00
Dan Brodjieski
5e782d3fdd
refactor[ddm]: add ddm info to remaining sshd rules
2024-07-30 15:01:01 -04:00
Bob Gendler
96ade12e2f
feat[ddm] Added DDM to sequoia
Updated scripts and rule files
2024-07-24 14:00:10 -04:00
Allen Golbig
d1de3c0665
removed cces and stigs
2024-07-15 19:52:43 -04:00
Allen Golbig
701e4d6b6a
dev_sequoia
2024-07-15 18:01:42 -04:00
Bob Gendler
2ab099bfcd
Dev sonoma issue356 (#367)
* chore[rules]: updated STIG tags
Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig
Issue #356
* chore[baseline]: updated STIG baseline
* chore[references]: updated CCI and SRG refs
Updated severity where needed too
* fix[rule]: yaml syntax for CCI
* fix[rules]: added missing STIG ODVs
---------
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
2024-02-26 15:50:02 -05:00
Dan Brodjieski
701ed9bec0
chore[rules]: updates from published STIG
added STIG references and updated baselines to support latest release from DISA
2024-01-24 08:16:00 -05:00
Bob Gendler
2a41fdb23d
changed newstig to stig tag
2023-10-05 13:45:19 -04:00
Dan Brodjieski
37b00778fc
Merge branch 'dev_sonoma' into dev_sonoma_disa
Attempt to resync latest Sonoma changes
2023-09-14 15:18:30 -04:00
Dan Brodjieski
5acbdbd21e
chore: clean up extraneous trailing whitespace
2023-09-14 14:21:06 -04:00
Bob Gendler
e5fb336bdb
refactor[rules] CCEs added
Added NIST issued CCEs to all rule files
2023-09-09 14:43:51 -04:00
Bob Gendler
4e003fb7c1
refactor[rules] removed newstig tag
Removed SRGs and newstig tag
2023-09-01 10:39:17 -04:00
Dan Brodjieski
5dbf9ee3c3
fix[rules]: yaml cleanup from merge
2023-08-31 14:53:11 -04:00
Dan Brodjieski
861d14815b
refactor[stig]: merged SRGs from DISA
Rewrote all the rule yaml files to have correct SRG references.
Added scripts to work with new STIG workflows.
2023-08-31 11:37:33 -04:00
Bob Gendler
901d01dd33
refactor[rules] Updated sshd rules
Updated sshd -T rules to use sshd -G available in
OpenSSH 9.3p1
Issue #278
2023-08-02 10:10:14 -04:00
Bob Gendler
206884b723
removed stig tag
2023-08-01 14:21:15 -04:00
Bob Gendler
a3ce45a986
refactor[rules] removed CCE and disa stig controls
2023-08-01 13:50:01 -04:00
Allen Golbig
c396f18b24
feat[baseline] dev_sonoma
dev_sonoma
2023-07-13 22:17:34 -04:00
Bob Gendler
e02209c0e6
Removed old cnssi tag
2023-06-22 12:51:58 -04:00
Bob Gendler
9fccb44c5d
Merge branch 'dev_ventura_stig' into ventura
2023-06-22 12:47:18 -04:00
Bob Gendler
fc9d45b03c
Merge branch 'dev_ventura_cmmc' into ventura
2023-06-22 12:23:41 -04:00
Allen Golbig
9e29b7c86c
refactor[rules] removed level 3 from cmmc
Removed lvl 3 from cmmc
2023-05-25 16:25:41 -04:00
Bob Gendler
59f6113560
refactor[rules] Added missing required rule files
Added required payload to
system_settings_firewall_stealth_mode_enable and auth_smartcard_enforce
Added missing DISA STIG references to auth_smartcard_allow and
system_settings_firewall_enable
2023-05-25 09:45:31 -04:00
Bob Gendler
827a2c352d
cnssi tags added
2023-05-04 13:53:17 -04:00
Bob Gendler
f0bc8666c9
refactor[rules/baselines] DISA STIG
Re-add DISA STIG branch
* New rules added
* STIG references and tags added
* Whitespace clean up
* DISA-STIG baseline added
2023-05-04 13:43:18 -04:00
Bob Gendler
7c44cd2daf
refactor[rules] removed tags
Removed cnssi-1253 tag
2023-04-26 09:59:22 -04:00
Bob Gendler
aa574dfbd2
refactor[rules] fixed sync issue
2023-04-26 09:57:28 -04:00
Bob Gendler
fa6711513e
Merge branch 'ventura' into dev_ventura_cmmc
2023-04-26 09:55:16 -04:00
Dan Brodjieski
0f5f5b697e
update[baselines]: removed cnssi tags
removing until cnssi updates are finalized
2023-04-25 11:56:23 -04:00
Bob Gendler
27c2317ec2
refactor[rules] check/fix update
auth_ssh_password_authentication_disable check and fix updated.
ChallengeResponseAuthentication was replaced with KbdInteractiveAuthentication.
Updated fix to write to sshd_config.d/01-mscp-sshd.sshd_config
Updated check to read from sshd -T
Issue #223
2023-01-18 15:28:38 -05:00
mahlmanj
7efee13b82
Here we go! First rule push.
2022-12-19 11:43:52 -05:00
Dan Brodjieski
fead101e4b
refactor[rules]: removed STIG referencing
Removed references to the STIG until it is released.
2022-10-18 18:57:37 -04:00
Bob Gendler
9e53ed64ba
refactor [rules] Removed STIG tags and ODV
Removed stig baseline file
Removed stig tag from rules
Removed stig odv from rules
Removed old way of hiding and disabling system preference panes
2022-10-18 11:07:54 -04:00
Bob Gendler
624b01e8c5
CCEs added
2022-08-29 16:17:11 -04:00
Bob Gendler
dd53f7a523
CCE changed to N/A
2022-07-14 20:58:55 -04:00
Bob Gendler
25d7facec3
macos changed from 12.0 to 13.0
2022-07-12 17:25:08 -04:00
Allen Golbig
79bcc0e847
fixed v8 verbiage
2022-03-04 11:35:09 -05:00
Allen Golbig
37970264e0
fix formatting
2022-02-10 13:46:20 -05:00
Bob Gendler
d9a13f79c8
jxa check merge
2022-02-10 12:00:28 -05:00
Bob Gendler
c8dda0001c
Merge branch 'dev_cis_monterey' of https://github.com/usnistgov/macos_security into dev_cis_monterey
2022-02-10 11:56:04 -05:00
Dan Brodjieski
b4485c764c
APPL-12-001060
2022-02-09 12:47:13 -05:00
Bob Gendler
2c19bbf91a
srg and disa_stig added for macOS 12
2022-02-08 17:20:14 -05:00
Bob Gendler
2c2cec7e3f
Revert "srg and disa_stig added for macOS 12"
This reverts commit 46318ef076.
2022-02-08 17:13:48 -05:00