usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,644 Commits 26 Branches 61 Tags
3f16a71120d2c74d610e027aff614735e777ce35
Commit Graph

1644 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Brodjieski
3f16a71120 chore: setup spellcheck as reusable 2025-09-15 15:01:57 -04:00
Dan Brodjieski
c9430cfcf8 chore: move workflow to main 2025-09-15 14:50:54 -04:00
Dan Brodjieski
59d84969a4 chore: add cspell components to main 2025-09-15 14:47:26 -04:00
Bob Gendler
c3b3a3518f Merge pull request #565 from homebysix/no-eval 
Close compliance bypass caused by exploiting eval
 2025-09-15 10:41:37 -04:00
Elliot Jordan
d501cabff2 Use zsh's (z) parameter expansion flag instead of eval 2025-09-12 20:42:14 -07:00
Bob Gendler
86e91e57e1 Update README.md 2025-09-11 15:44:11 -04:00
Bob Gendler
94afaef2b3 Merge branch 'tahoe' 
macOS Tahoe Guidance Release
 2025-09-11 15:41:55 -04:00
Bob Gendler
19b7bfbb21 Update README.md tahoe_rev1 2025-09-11 15:27:16 -04:00
Bob Gendler
af08f7ce5a Fixed sequoia to tahoe 2025-09-11 15:18:15 -04:00
Bob Gendler
a1ce3ac0e6 Updated baseline files 2025-09-11 11:54:04 -04:00
Bob Gendler
300dbc3ceb Fixed check 2025-09-11 11:07:23 -04:00
Bob Gendler
ab9bdbdefb Fixed check 2025-09-11 11:06:16 -04:00
Bob Gendler
d2229dfcb6 Added CCE 2025-09-11 10:44:47 -04:00
Dan Brodjieski
57ede4b3cb chore: update for tahoe release 2025-09-11 10:31:11 -04:00
Dan Brodjieski
c78425c5b0 refactor[rules]: update checks for SkipSetupItems 
add[rules]: add skip Apple Intelligence during setup assistant
 2025-09-11 10:22:28 -04:00
Dan Brodjieski
280ef89f71 refactor: update deprecated keys 
migrate to new SkipSetupItems key in com.apple.SetupAssistant.managed in favor of deprecated keys

Issue #516
 2025-09-10 18:04:50 -04:00
Bob Gendler
c3dfee2f7e Updated baseline files 2025-09-10 10:38:14 -04:00
Allen Golbig
3400e0431b updated changelog 2025-09-09 22:38:02 -04:00
Allen Golbig
a3a30ca246 updated changelog 2025-09-09 20:51:54 -04:00
Bob Gendler
faab04ccbc Updated generate scap, scap 1.4, oval 5.12.1 2025-09-09 15:25:26 -04:00
Bob Gendler
d1ccb1fafb refactor[rules]CCEs added 
Added missing CCEs
 2025-09-09 12:34:27 -04:00
Dan Brodjieski
52afeab4db docs: update STIG references to V1R4 2025-09-09 11:37:16 -04:00
Dan Brodjieski
ba56857b10 feature[script]: add shell check to compliance script 
Compliance script will exit if not being run in a zsh
 2025-09-09 11:19:59 -04:00
Dan Brodjieski
3cfa06d631 fix[rules]: update macOS tags to 26.0 2025-09-09 11:05:39 -04:00
Allen Golbig
0771c4f600 Merge pull request #551 from mgajdar/tahoe_findings_fix 
Tahoe findings fix
 2025-09-09 08:46:13 -04:00
Michal Gajdar
2a14539f60 refactor[rules] Update moduleName to Tahoe for os_screensaver_loginwindow_enforce 2025-09-09 14:17:04 +02:00
Michal Gajdar
7ee012d67b refactor[rules] Update results 2025-09-09 14:15:49 +02:00
Dan Brodjieski
7fb95480c5 fix: removed duplicate code 2025-09-08 13:53:46 -04:00
Dan Brodjieski
a71f9d0576 Merge branch 'sequoia' into dev_tahoe 2025-09-08 13:46:16 -04:00
Allen Golbig
88529d4973 added rules folder to custom 2025-09-08 13:43:06 -04:00
Dan Brodjieski
05ea54961f fix{rule]: add note about FileVault implementation 
Issue #540
 2025-09-08 12:12:13 -04:00
Dan Brodjieski
1a6a8dfed5 fix[rule]: update check for time machine encryption 
changing to CIS method

Issue #538
 2025-09-08 12:02:07 -04:00
Bob Gendler
36ff6a2343 refactor[rules] Added missing CNSSI tags 
Updated 4 rules with missing tags
 2025-09-08 11:40:53 -04:00
Bob Gendler
f928e40f33 refactor[rules] FIPS 
Updated info on FIPS validation.
 2025-09-04 15:03:16 -04:00
Dan Brodjieski
84b3feb6bd add[rule]: new settings for Safari 
allowSafariHistoryClearing
allowSafariPrivateBrowsing
 2025-09-03 16:01:11 -04:00
Dan Brodjieski
c616f5f924 fix: adjust logic in pwpolicy rules 
checks allow for settings that fall within the limits of the rule instead of having to be exact

issue #541
 2025-09-03 12:24:46 -04:00
Dan Brodjieski
81e1363652 Merge pull request #548 from usnistgov/dev_tahoe_cmmc 
Tahoe CMMC Baseline Push
 2025-09-03 11:06:20 -04:00
Dan Brodjieski
a3f036f093 docs: add warning about allowPasscodeModification 
password policy supplemental updated with warning for restriction on passcode modification

issue #539
 2025-09-03 10:48:49 -04:00
mahlmanj
76973b03f4 Removing CMMC references from os_anti_virus_installed 2025-09-03 09:47:18 -04:00
mahlmanj
d193274a19 Merge branch 'dev_tahoe' into dev_tahoe_cmmc 2025-09-03 09:38:35 -04:00
Allen Golbig
bd6283f95b cis_lvl1 & cis_lvl2 (DRAFT) 2025-09-02 16:59:16 -04:00
Allen Golbig
5d84d3edb0 updates to cis 2025-09-02 13:18:36 -04:00
Dan Brodjieski
f3a250325c add[rule]: Configuration to disable AdminHostInfo 
Previous rule checked to see if the key was enforced rather than having the behavior configured. New rule will disable the behavior and ensure it's in a compliant state.
 2025-09-02 12:46:20 -04:00
Bob Gendler
0729b11629 refactor[baseline] updated all rules 
Updated name of os_image_generation_disable to os_image_playground_disable
 2025-09-02 11:06:39 -04:00
Bob Gendler
81afa1c4b1 refactor[rules] Updated discussions, references 
Updated discussions, references, and renamed file
 2025-09-02 11:03:50 -04:00
Dan Brodjieski
0fbd243e11 refactor: update DDM logic for nested keys 
DDM configuraitons with nested keys are correctly generated
 2025-09-02 10:23:30 -04:00
Allen Golbig
b2ff7554a8 changes for cis 2025-09-01 17:08:38 -04:00
Bob Gendler
e65e54651b refactor[rules] Added DDM check and info and move 
Moved 1 rule to os
Created software update rules for DDM
 2025-08-29 14:49:01 -04:00
Bob Gendler
07205f1e6a updated tftpd check-fix 2025-08-28 11:44:36 -04:00
Bob Gendler
6ae7611e8d refactor[rules] Updated check/fix 
Updated check and fix for services.
Updated using launchctl print system instead of launchctl list
 2025-08-28 11:43:02 -04:00