Dan Brodjieski
ec97b047ea
chore: move legacy 1.0 data add symlinks
2025-12-18 16:43:39 -05:00
Bob Gendler
30d4a1af04
Sequoia Release 1.1 (#457)
...
* refactor[rules] STIG IDs
Initial STIG-IDs added to rule files.
* refactor[rules]ccis added
New CCIs added to rules
* refactor[rules] SRGs added
New SRGs added to stig rules
* refactor[rule] pwpolicy_custom_regex_enforce
Remove unneeded SRG
* refactor[rules] Added, Removed, Updated rules
- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig
* refactor[rules] Removed from STIG
Removed CCI, SRG, STIG ID, and STIG tag
* refactor[rules]Added new STIG IDs
Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable
* Added new rule file
* Add APPL-15-002023
* added APPL-15-002024
* fix[rules] removed tags for rules removed
removed tags from rules removed from cis
* added os_time_server_enable back to cis
* Update Gitignore
* Updating CIS benchmark and tags in missed rules.
* refactor[rules]ssh fips and sshd fips
Updated check and fix for ssh and sshd for FIPS
* refactor[rules]ssh and sshd fips
added check into sshd to not fix if proper
* Fixed ODV regression for CIS
* added missing path to grep
* removed [ ]
* Fix to not print, and fix multiple entries in .ssh/config
* added dev null redirection, prevention of double entries
* Fixed bin to dev and case insensitive sed
* 800-171 Rev 2 to Rev 3
* Updated media sharing key
* Updated STIG ID
* merge from sequoia
* refactor[rules] ssh fixes
Updated ssh fixes to match os_ssh_fips_compliant
* slightly simpler fix. removed unneeded loop
* slightly simpler fix. removed unneeded loop
* Adjusting CIS numbering.
* fix[rule] fixed path
Fixed path in system_settings_system_wide_preferences_configure
* fix[rule] fixed path on line 63
fixed path in system_settings_system_wide_preferences_configure
* fix[rule] added reference
Added reference to os_sudo_log_enforce
* refactor[rules] Added, Modified and deleted rules
Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title
* renamed .yml to .yaml
* changes for upcoming cis release
* refactor - DISA STIG
references updated to sequoia for DISA STIG
baseline file created for disa stig
* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules
* refactor[rules] CNSSI tags added
Added CNSSI1253 low, moderate, high tags
* refactor[baselines] Updated baseline files
Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files
* updated baseline files
* [fix]system_settings_sleep_enforce sleep/displaysleep swap
* updated title
* fix[rule] remove cis tags and reference
remove cis ref & tag from system_settings_improve_search_disable
issue #443
* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable
* Fixing Sleep/displaysleep numbers based on CIS changes.
* Fixing os_sleep_and_display_sleep_apple_silicon_enable
* Removing DRAFT status from CIS
* [fix]rule world writable library folder
os_world_writable_library_folder_configure
issue# 445
* refactor[rules] Added missing CCEs
Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable
* fix[rule] updated odv hint
pwpolicy_custom_regex_enforce odv hint updated
* Update system_settings_improve_assistive_voice_disable
Issue #450
* refactor[rules]pwpolicy updates
Removed 800-53 and 800-171 tags
Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09
* refactor[rules] Added external intelligence rules
Added rules to disable external intelligence features for 15.2
* Issue #450
* updated pwpolicy
* Added CCEs
* Removed double stig tag
* updated baseline files
* updated changelog
* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml
* updated changelog
* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock
* refactor[rule] pwpolicy_special_character_enforce
Updated check to allow greater than ODV.
Issue #451
* refactor[rules] ssh rules discussion update
Added mention of /usr/libexec/reset-ssh-configuration.
* updated release date and version
* Added uniq to prevent false negatives
* updated authors
* updated release date
---------
Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
2024-12-16 10:24:59 -05:00
Bob Gendler
15c47e7fc9
updated baseline files
2024-09-12 11:50:37 -04:00
Bob Gendler
bdd06fd928
refactor[baselines] Added baseline files
...
Added baseline files
Edit mscp-data to reflect 15.x not 14.
2024-09-09 21:09:56 -04:00
mahlmanj
4d4d71ca16
[deleted] os_safari_popups_disabled
2024-09-05 12:41:22 -04:00
John Mahlman
391e5ff6f5
Removing unneeded rules.
2024-08-30 11:32:44 -04:00
John Mahlman
9ba2fcabd2
Update baselines.
2024-08-30 10:37:26 -04:00
Allen Golbig
4c6fb8b693
removed os_firewall_log_enable from all_rules
2024-08-12 09:01:33 -04:00
Allen Golbig
701e4d6b6a
dev_sequoia
2024-07-15 18:01:42 -04:00
Bob Gendler
9fc373b236
Updated baseline files
2024-04-04 11:46:12 -04:00
Bob Gendler
2ab099bfcd
Dev sonoma issue356 (#367)
...
* chore[rules]: updated STIG tags
Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig
Issue #356
* chore[baseline]: updated STIG baseline
* chore[references]: updated CCI and SRG refs
Updated severity where needed too
* fix[rule]: yaml syntax for CCI
* fix[rules]: added missing STIG ODVs
---------
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
2024-02-26 15:50:02 -05:00
Dan Brodjieski
7ff8240bca
chore[baseline]: updated STIG yaml
...
removed unneeded support files
2024-01-31 12:24:14 -05:00
Dan Brodjieski
701ed9bec0
chore[rules]: updates from published STIG
...
added STIG references and updated baselines to support latest release from DISA
2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180
Merge branch 'sonoma' into dev_sonoma_disa
2024-01-23 15:45:21 -05:00
Allen Golbig
812d3b93ca
fix[rules] updates for cis release
...
Moved os_safari_javascript_enabled to manual
2023-10-13 10:35:00 -04:00
Bob Gendler
50c33a90e0
Renamed baseline file
2023-10-05 13:50:26 -04:00
Bob Gendler
ccc9675769
Renamed baseline file
2023-10-05 13:49:54 -04:00
Bob Gendler
a1505a4ff8
new stig draft baseline created
2023-10-05 13:43:31 -04:00
Bob Gendler
64f26af052
removed r4 baselines
2023-09-21 15:08:58 -04:00
Bob Gendler
da12659012
last minute CIS additions
2023-09-21 15:08:31 -04:00
Bob Gendler
ed1eb1b890
updated baselines
2023-09-20 14:44:04 -04:00
Bob Gendler
be766ebd06
added *macOS Security Compliance Project*
2023-09-20 13:57:14 -04:00
Bob Gendler
7bec67dd1f
resync with dev_sonoma
2023-09-20 13:52:06 -04:00
mahlmanj
cbf3cfe65c
Updating baselines with new rule
2023-09-19 15:51:11 -04:00
mahlmanj
19b76b02e1
Syncing level 1 baseline (and updates)
2023-09-19 15:27:24 -04:00
Bob Gendler
d25a6d31ac
Added baseline files
2023-09-19 12:43:51 -04:00
Dan Brodjieski
5acbdbd21e
chore: clean up extraneous trailing whitespace
2023-09-14 14:21:06 -04:00
mahlmanj
ff2de7a933
CMMC level 2 updated for Sonoma
2023-09-12 15:29:19 -04:00
mahlmanj
889de402ab
CMMC Sonoma dev branch. Unaltered baselines.
2023-09-12 15:27:56 -04:00
Allen Golbig
c396f18b24
feat[baseline] dev_sonoma
...
dev_sonoma
2023-07-13 22:17:34 -04:00
Bob Gendler
7d7205e376
refactor[baselines]removed unnecessary supplemental
...
Removed stig and cis supplemental from baselines not requiring it.
2023-06-26 10:32:07 -04:00
Bob Gendler
6105b6e144
tag issue resolved
2023-06-22 13:07:43 -04:00
Bob Gendler
85e2d68fe4
[refactor] rules, baselines, includes
...
Added cnssi and disa stig to mscp-data.yaml
Generated updated baseline files
Fixed merge issue with audit_files_owner_configure
2023-06-22 13:01:59 -04:00
Bob Gendler
9fccb44c5d
Merge branch 'dev_ventura_stig' into ventura
2023-06-22 12:47:18 -04:00
Dan Brodjieski
a6fbad2241
refactor[rule]: updated baseline for STIG
2023-06-13 10:19:12 -04:00
Allen Golbig
9e29b7c86c
refactor[rules] removed level 3 from cmmc
...
Removed lvl 3 from cmmc
2023-05-25 16:25:41 -04:00
Bob Gendler
dd40ffa6f2
refactor[baseline] DISA-STIG Baseline adjusted
...
Added supplemental_stig
Removed supplemental_controls and pf_firewall
2023-05-23 12:22:49 -04:00
Bob Gendler
f0bc8666c9
refactor[rules/baselines] DISA STIG
...
Re-add DISA STIG branch
* New rules added
* STIG references and tags added
* Whitespace clean up
* DISA-STIG baseline added
2023-05-04 13:43:18 -04:00
Bob Gendler
fa6711513e
Merge branch 'ventura' into dev_ventura_cmmc
2023-04-26 09:55:16 -04:00
Dan Brodjieski
0f5f5b697e
update[baselines]: removed cnssi tags
...
removing until cnssi updates are finalized
2023-04-25 11:56:23 -04:00
Dan Brodjieski
feec3b41b8
fix[baselines]: removed deprecated rules
...
Removed deprecated rules from the baseline files
2023-04-25 11:52:03 -04:00
Allen Golbig
c0762ed62c
fix[baseline] added time machine encryption
...
Added system_settings_time_machine_encrypted_configure to cis_lvl1
2023-01-03 10:52:12 -05:00
mahlmanj
88ddd0487c
Adding missing inherent rule for LVL 3.
2022-12-22 11:19:29 -05:00
mahlmanj
23c4797454
Updating authors.
2022-12-19 12:53:08 -05:00
mahlmanj
7efee13b82
Here we go! First rule push.
2022-12-19 11:43:52 -05:00
mahlmanj
f198137659
Updating baselines to include more in description.
2022-12-19 09:41:44 -05:00
mahlmanj
29d4ce5f8b
Second draft of CMMC baselines. Readjusted.
2022-12-16 15:43:04 -05:00
Bob Gendler
4061bf588d
changed 12 to 13 in title
2022-11-30 11:52:38 -05:00
Bob Gendler
d0ac9889a7
Merge branch 'dev_ventura_pr195' into ventura
2022-11-18 09:22:18 -05:00
Bob Gendler
461aae2f2d
refactor[baselines] Added new rules
...
New rules added to all_rules and cis related baselines
2022-11-15 11:27:31 -05:00