200 Commits

Author SHA1 Message Date
Bob Gendler
fd7cb2755f Merge branch 'tahoe' 2025-12-18 13:31:02 -05:00
Bob Gendler
a717febba3 Updated baseline files 2025-12-17 15:04:11 -05:00
Bob Gendler
6552f8416b Updated DISA STIG Baseline file 2025-12-15 10:30:58 -05:00
Bob Gendler
ae7369643e Added DISA STIG Baseline file 2025-12-11 16:25:08 -05:00
Allen Golbig
b00ae03b52 updates to tahoe 2025-11-06 12:03:22 -05:00
Bob Gendler
94afaef2b3 Merge branch 'tahoe'
macOS Tahoe Guidance Release
2025-09-11 15:41:55 -04:00
Bob Gendler
a1ce3ac0e6 Updated baseline files 2025-09-11 11:54:04 -04:00
Bob Gendler
c3dfee2f7e Updated baseline files 2025-09-10 10:38:14 -04:00
mahlmanj
d193274a19 Merge branch 'dev_tahoe' into dev_tahoe_cmmc 2025-09-03 09:38:35 -04:00
Allen Golbig
bd6283f95b cis_lvl1 & cis_lvl2 (DRAFT) 2025-09-02 16:59:16 -04:00
Bob Gendler
0729b11629 refactor[baseline] updated all rules
Updated name of os_image_generation_disable to os_image_playground_disable
2025-09-02 11:06:39 -04:00
mahlmanj
1ca7f2969b Updated rules 2025-08-14 14:04:35 -04:00
Dan Brodjieski
6a92365882 fix: added all_rules baseline for testing 2025-07-25 11:37:21 -04:00
Bob Gendler
7c5aa2541a Removed baseline files 2025-07-24 16:35:44 -04:00
Bob Gendler
5d21314e8b refactor - Public Beta build macOS 26.0 Tahoe
Updated rule files
Updated baseline files
Updated mscp-data file
Updated VERSION
2025-07-24 16:00:00 -04:00
Bob Gendler
252852d3d2 Release 2025-07-01 14:43:21 -04:00
Bob Gendler
dbb7f7f38d refactor[rules/baseline]
Added missing baseline tags to system_settings_ssh_disable
Added rule to baseline files
2025-06-26 11:32:09 -04:00
Bob Gendler
37a57841e6 Updated baseline files 2025-06-18 14:51:40 -04:00
Bob Gendler
2bce7b1672 refactor[baselines] Updated CIS Benchmark files
Baseline files updated
2025-06-18 09:49:03 -04:00
Dan Brodjieski
16d0501b28 update[cis]: additional controls for v1.1.0 2025-05-07 10:30:12 -04:00
Bob Gendler
f98126bbcf Merge branch 'dev_sequoia_issue468' into sequoia 2025-04-14 11:45:37 -04:00
Bob Gendler
2cc0dada21 updated baseline files 2025-04-14 10:40:09 -04:00
Bob Gendler
d85688f7a1 Updated baseline files to add additional rule 2025-04-04 10:57:51 -04:00
Bob Gendler
ec39b92d70 refactor[baselines] Updated baseline files
Updated to include Apple Intelligence rules
2025-03-31 11:23:31 -04:00
Allen Golbig
e3429c6abb removed cis references from os_iphone_mirroring_disable 2025-03-07 13:43:00 -05:00
Bob Gendler
30d4a1af04 Sequoia Release 1.1 (#457)
* refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

* refactor[rules]ccis added

New CCIs added to rules

* refactor[rules] SRGs added

New SRGs added to stig rules

* refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

* refactor[rules] Added, Removed, Updated rules

- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig

* refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

* refactor[rules]Added new STIG IDs

Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable

* Added new rule file

* Add APPL-15-002023

* added APPL-15-002024

* fix[rules] removed tags for rules removed

removed tags from rules removed from cis

* added os_time_server_enable back to cis

* Update Gitignore

* Updating CIS benchmark and tags in missed rules.

* refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

* refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

* Fixed ODV regression for CIS

* added missing path to grep

* removed [ ]

* Fix to not print, and fix multiple entries in .ssh/config

* added dev null redirection, prevention of double entries

* Fixed bin to dev and case insensitive sed

* 800-171 Rev 2 to Rev 3

* Updated media sharing key

* Updated STIG ID

* merge from sequoia

* refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

* slightly simpler fix. removed unneeded loop

* slightly simpler fix. removed unneeded loop

* Adjusting CIS numbering.

* fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

* fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

* fix[rule] added reference

Added reference to os_sudo_log_enforce

* refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title

* renamed .yml to .yaml

* changes for upcoming cis release

* refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

* refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

* refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

* updated baseline files

* [fix]system_settings_sleep_enforce sleep/displaysleep swap

* updated title

* fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue #443

* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

* Fixing Sleep/displaysleep numbers based on CIS changes.

* Fixing os_sleep_and_display_sleep_apple_silicon_enable

* Removing DRAFT status from CIS

* [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

* refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

* fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

* Update system_settings_improve_assistive_voice_disable

Issue #450

* refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

* refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

* Issue #450

* updated pwpolicy

* Added CCEs

* Removed double stig tag

* updated baseline files

* updated changelog

* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

* updated changelog

* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock

* refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue #451

* refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

* updated release date and version

* Added uniq to prevent false negatives

* updated authors

* updated release date

---------

Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
2024-12-16 10:24:59 -05:00
Bob Gendler
a908b9a7be removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml 2024-12-10 11:38:16 -05:00
Bob Gendler
a186415346 updated baseline files 2024-12-10 11:04:32 -05:00
mahlmanj
457f030eba Removing DRAFT status from CIS 2024-11-07 10:51:16 -05:00
Allen Golbig
ac50ebedee fix[rule] remove cis tags and reference
remove cis ref & tag from system_settings_improve_search_disable

issue #443
2024-10-30 14:21:29 -04:00
Bob Gendler
2170874f28 updated baseline files 2024-10-24 10:21:38 -04:00
Bob Gendler
307c3b00af refactor[baselines] Updated baseline files
Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files
2024-10-24 10:19:43 -04:00
Bob Gendler
64520d0fa8 Merge branch 'sequoia' into dev_sequoia 2024-10-24 10:18:55 -04:00
Allen Golbig
a630005317 added os_sleep_and_display_sleep_apple_silicon_enable to all_rules 2024-10-24 10:00:45 -04:00
Bob Gendler
4e89c26fe8 refactor - DISA STIG
references updated to sequoia for DISA STIG
baseline file created for disa stig
2024-10-24 09:25:19 -04:00
Allen Golbig
0f533e9d8f changes for upcoming cis release 2024-10-23 21:39:59 -04:00
Bob Gendler
1315f06638 800-171 Rev 2 to Rev 3 2024-09-23 11:26:43 -04:00
mahlmanj
ecb5de498d Updating CIS benchmark and tags in missed rules. 2024-09-18 12:18:25 -04:00
Allen Golbig
eecf9b3978 added os_time_server_enable back to cis 2024-09-17 09:32:50 -04:00
Allen Golbig
a971615249 fix[rules] removed tags for rules removed
removed tags from rules removed from cis
2024-09-17 09:27:01 -04:00
Bob Gendler
15c47e7fc9 updated baseline files 2024-09-12 11:50:37 -04:00
Bob Gendler
bdd06fd928 refactor[baselines] Added baseline files
Added baseline files
Edit mscp-data to reflect 15.x not 14.
2024-09-09 21:09:56 -04:00
mahlmanj
4d4d71ca16 [deleted] os_safari_popups_disabled 2024-09-05 12:41:22 -04:00
John Mahlman
391e5ff6f5 Removing unneeded rules. 2024-08-30 11:32:44 -04:00
John Mahlman
9ba2fcabd2 Update baselines. 2024-08-30 10:37:26 -04:00
Allen Golbig
4c6fb8b693 removed os_firewall_log_enable from all_rules 2024-08-12 09:01:33 -04:00
Allen Golbig
701e4d6b6a dev_sequoia 2024-07-15 18:01:42 -04:00
Bob Gendler
9fc373b236 Updated baseline files 2024-04-04 11:46:12 -04:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367)
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
2024-02-26 15:50:02 -05:00
Dan Brodjieski
7ff8240bca chore[baseline]: updated STIG yaml
removed unneeded support files
2024-01-31 12:24:14 -05:00