usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-06-11 03:20:29 +01:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,647 Commits 27 Branches 61 Tags
sequoia
Commit Graph

202 Commits

Author SHA1 Message Date
Bob Gendler
7206932f8c updated baseline file 2025-12-17 15:45:06 -05:00
Bob Gendler
69a42e6713 Updated baseline files 2025-12-17 14:50:57 -05:00
Dan Brodjieski
e5876d5cbe Merge branch 'sequoia' into dev_sequoia_bio 2025-11-21 16:30:10 -05:00
Dan Brodjieski
6740fc977a chore: updates for 3.0 release 2025-09-11 12:20:38 -04:00
Dan Brodjieski
2fe891db30 docs[stig]: update refernces to V1R4 2025-09-09 11:35:35 -04:00
Jordy Witteman
64dba1e8d4 Merge branch 'dev_sequoia_nlmapgov' into sequoia 2025-09-05 20:39:45 +02:00
mahlmanj
1460f2082f Updating rules to add CMMC tags and removing tags from one. Update baselines. 2025-08-18 14:55:41 -04:00
Jordy Witteman
0e85b93535 Updates and mapping 
- Updates to some rules
- Mapping added for `nlmapgov_plus` to the BIO rules
 2025-08-07 17:22:41 +02:00
Jordy Witteman
76b404a828 Update nlmapgov_plus.yaml 2025-07-24 17:14:27 +02:00
Jordy Witteman
d7be09a4de NLMAPGOV updates 
- Added additional audit rules to `nlmapgov_base`
- Added first draft of `nlmapgov_plus`, designed as a complete package with rules from best practices from the field and other baselines. Still requires evaluation and altering by organizations.
 2025-07-24 17:12:32 +02:00
Jordy Witteman
e569753014 Merge branch 'usnistgov:main' into nlmapgov 2025-07-10 17:02:03 +02:00
Bob Gendler
252852d3d2 Release 2025-07-01 14:43:21 -04:00
Bob Gendler
dbb7f7f38d refactor[rules/baseline] 
Added missing baseline tags to system_settings_ssh_disable
Added rule to baseline files
 2025-06-26 11:32:09 -04:00
Bob Gendler
37a57841e6 Updated baseline files 2025-06-18 14:51:40 -04:00
Bob Gendler
2bce7b1672 refactor[baselines] Updated CIS Benchmark files 
Baseline files updated
 2025-06-18 09:49:03 -04:00
Jordy Witteman
2061622396 Minor name change 
Minor name change
 2025-05-26 17:27:55 +02:00
Jordy Witteman
f702efa237 Merge branch 'sequoia' of https://github.com/usnistgov/macos_security into usnistgov-sequoia 2025-05-26 15:49:41 +02:00
Jordy Witteman
194e43b934 Update nlmapgov_base.yaml 2025-05-15 17:04:20 +02:00
Dan Brodjieski
16d0501b28 update[cis]: additional controls for v1.1.0 2025-05-07 10:30:12 -04:00
Bob Gendler
f98126bbcf Merge branch 'dev_sequoia_issue468' into sequoia 2025-04-14 11:45:37 -04:00
Bob Gendler
2cc0dada21 updated baseline files 2025-04-14 10:40:09 -04:00
Jordy Witteman
42e76d9300 Maatregelen toegevoegd 
- pwpolicy_minimum_length_enforce
- pwpolicy_prevent_dictionary_words
- system_settings_guest_account_disable
 2025-04-11 15:15:08 +02:00
Bob Gendler
d85688f7a1 Updated baseline files to add additional rule 2025-04-04 10:57:51 -04:00
Jordy Witteman
657bd211f4 New rules added 
New rules added
 2025-04-03 16:27:43 +02:00
Bob Gendler
ec39b92d70 refactor[baselines] Updated baseline files 
Updated to include Apple Intelligence rules
 2025-03-31 11:23:31 -04:00
Jordy Witteman
cd2187c0a4 Eerste experiment baseline aanmaken 
Eerste experiment baseline aanmaken met mSCP. Inhoudelijke regels zijn enkel om mechanisme te testen.
 2025-03-27 17:08:52 +01:00
Allen Golbig
e3429c6abb removed cis references from os_iphone_mirroring_disable 2025-03-07 13:43:00 -05:00
Bob Gendler
30d4a1af04 Sequoia Release 1.1 (#457) 
* refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

* refactor[rules]ccis added

New CCIs added to rules

* refactor[rules] SRGs added

New SRGs added to stig rules

* refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

* refactor[rules] Added, Removed, Updated rules

- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig

* refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

* refactor[rules]Added new STIG IDs

Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable

* Added new rule file

* Add APPL-15-002023

* added APPL-15-002024

* fix[rules] removed tags for rules removed

removed tags from rules removed from cis

* added os_time_server_enable back to cis

* Update Gitignore

* Updating CIS benchmark and tags in missed rules.

* refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

* refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

* Fixed ODV regression for CIS

* added missing path to grep

* removed [ ]

* Fix to not print, and fix multiple entries in .ssh/config

* added dev null redirection, prevention of double entries

* Fixed bin to dev and case insensitive sed

* 800-171 Rev 2 to Rev 3

* Updated media sharing key

* Updated STIG ID

* merge from sequoia

* refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

* slightly simplier fix. removed unneeded loop

* slightly simplier fix. removed unneeded loop

* Adjusting CIS numbering.

* fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

* fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

* fix[rule] added reference

Added reference to os_sudo_log_enforce

* refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title

* renamed .yml to .yaml

* changes for upcoming cis release

* refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

* refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

* refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

* udpdated baseline files

* [fix]system_settings_sleep_enforce sleep/displaysleep swap

* updated title

* fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue #443

* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

* Fixing Sleep/displaysleep numbers based on CIS changes.

* Fixing os_sleep_and_display_sleep_apple_silicon_enable

* Removing DRAFT status from CIS

* [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

* refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

* fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

* Update system_settings_improve_assistive_voice_disable

Issue #450

* refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

* refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

* Issue #450

* updated pwpolicy

* Added CCEs

* Removed double stig tag

* updated baseline files

* updated changelog

* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

* updated changelog

* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock

* refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue #451

* refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

* updated release date and version

* Added uniq to prevent false negatives

* updated authors

* updated release date

---------

Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-12-16 10:24:59 -05:00
Bob Gendler
a908b9a7be removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml 2024-12-10 11:38:16 -05:00
Bob Gendler
a186415346 updated baseline files 2024-12-10 11:04:32 -05:00
mahlmanj
457f030eba Removing DRAFT status from CIS 2024-11-07 10:51:16 -05:00
Allen Golbig
ac50ebedee fix[rule] remove cis tags and reference 
remove cis ref & tag from system_settings_improve_search_disable

issue #443
 2024-10-30 14:21:29 -04:00
Bob Gendler
2170874f28 udpdated baseline files 2024-10-24 10:21:38 -04:00
Bob Gendler
307c3b00af refactor[baselines] Updated baseline files 
Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files
 2024-10-24 10:19:43 -04:00
Bob Gendler
64520d0fa8 Merge branch 'sequoia' into dev_sequoia 2024-10-24 10:18:55 -04:00
Allen Golbig
a630005317 added os_sleep_and_display_sleep_apple_silicon_enable to all_rules 2024-10-24 10:00:45 -04:00
Bob Gendler
4e89c26fe8 refactor - DISA STIG 
references updated to sequoia for DISA STIG
baseline file created for disa stig
 2024-10-24 09:25:19 -04:00
Allen Golbig
0f533e9d8f changes for upcoming cis release 2024-10-23 21:39:59 -04:00
Bob Gendler
1315f06638 800-171 Rev 2 to Rev 3 2024-09-23 11:26:43 -04:00
mahlmanj
ecb5de498d Updating CIS benchmark and tags in missed rules. 2024-09-18 12:18:25 -04:00
Allen Golbig
eecf9b3978 added os_time_server_enable back to cis 2024-09-17 09:32:50 -04:00
Allen Golbig
a971615249 fix[rules] removed tags for rules removed 
removed tags from rules removed from cis
 2024-09-17 09:27:01 -04:00
Bob Gendler
15c47e7fc9 updated baseline files 2024-09-12 11:50:37 -04:00
Bob Gendler
bdd06fd928 refactor[baselines] Added baseline files 
Added baseline files
Edit mscp-data to reflect 15.x not 14.
 2024-09-09 21:09:56 -04:00
mahlmanj
4d4d71ca16 [deleted] os_safari_popups_disabled 2024-09-05 12:41:22 -04:00
John Mahlman
391e5ff6f5 Removing unneeded rules. 2024-08-30 11:32:44 -04:00
John Mahlman
9ba2fcabd2 Update baselines. 2024-08-30 10:37:26 -04:00
Allen Golbig
4c6fb8b693 removed os_firewall_log_enable from all_rules 2024-08-12 09:01:33 -04:00
Allen Golbig
701e4d6b6a dev_sequoia 2024-07-15 18:01:42 -04:00
Bob Gendler
9fc373b236 Updated baseline files 2024-04-04 11:46:12 -04:00