usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 22:32:09 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,368 Commits 29 Branches 61 Tags
40f01341fa68edfbf40df4e28bf7ae9d4b9d8fef
Commit Graph

100 Commits

Author SHA1 Message Date
Bob Gendler
97cde24135 updated check to use jxa 2024-07-15 21:07:00 -04:00
Bob Gendler
182a4d8d1e refactor[rules] Gatekeeper rules 
Gatekeeper is fully enforced by configuration profile now.
 2024-07-15 21:00:28 -04:00
Bob Gendler
514d451ff6 refactor[rules] firewall rules 
Firewall is now fully enforced by a configuration profile.
 2024-07-15 21:00:28 -04:00
Allen Golbig
d7db6e4c3d updated system_settings_media_sharing_disabled 2024-07-15 20:55:27 -04:00
Allen Golbig
d1de3c0665 removed cces and stigs 2024-07-15 19:52:43 -04:00
Allen Golbig
701e4d6b6a dev_sequoia 2024-07-15 18:01:42 -04:00
Bob Gendler
46174abd21 removed double stig tag 2024-04-08 10:38:41 -04:00
Bob Gendler
86eab839ad Added CCEs 2024-04-04 11:45:48 -04:00
Bob Gendler
b6fdcda9a8 refactor[rule] system_wide_preferences_configure 
Updated check and fix for additional keys and values in authorizationdb
 2024-04-02 11:33:29 -04:00
Bob Gendler
042b54310d refactor[rules] Updated typos 
Fixed grammar and spacing issues
 2024-04-02 11:25:03 -04:00
Bob Gendler
bd5afc10c9 Added NOTE: 2024-04-02 09:44:58 -04:00
Bob Gendler
703a421fd9 refactor[rules] touchid and unlock with watch 
Changed 800-53 reference to IA-5
Added note about 800-63
 2024-03-25 11:39:24 -04:00
Bob Gendler
71353fe690 changed enabled to true 2024-03-07 11:19:21 -05:00
Bob Gendler
f0ab5dc8ae fix[rules] updated location services rules 
Changed kickstart to find the PID and do a kill -9 to the PID

Issue #372
 2024-03-06 11:46:39 -05:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Allen Golbig
1b41baf0b4 Merge pull request #336 from headmin/231215-timeserver-recommendation 
Update timeServer recommendation
 2023-12-18 13:47:55 -05:00
Henry S
b45473468a Remove space on ODV 2023-12-18 19:46:01 +01:00
Henry S
e37a44d575 Update ODVs for timeServer 
set NIST and stig ODVs to time.nist.gov
 2023-12-18 19:43:31 +01:00
Henry S
f595a5393a Update timeServer recommendation 
As of macOS 10.13 only one time server is supported.

See Apple Update from 13/12/2023 here: https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.MCX(TimeServer).yaml#L21-L25
 2023-12-18 12:55:39 +01:00
Allen Golbig
5c2d7a75a9 refactor[rule] added base64 to loginwindowtext ck 
added base64 check to system_settings_loginwindow_loginwindowtext_enable
 2023-11-28 12:29:31 -05:00
Allen Golbig
812d3b93ca fix[rules] updates for cis release 
Moved os_safari_javascript_enabled to manual
 2023-10-13 10:35:00 -04:00
Bob Gendler
2a41fdb23d changed newstig to stig tag 2023-10-05 13:45:19 -04:00
Allen Golbig
108548c9f8 fixed conflicts 2023-10-02 11:58:50 -04:00
Bob Gendler
28ef4c7393 Merge branch 'sonoma' into dev_sonoma_disa 2023-09-29 11:20:42 -04:00
Bob Gendler
7bec67dd1f resync with dev_sonoma 2023-09-20 13:52:06 -04:00
Bob Gendler
8ba1987b9f refactor[rules] CIS re-numbering 
Updated CIS benchmark numbers
 2023-09-20 13:45:39 -04:00
Bob Gendler
ee21b093cb refactor[rules] Modified and removed 
Removed rules that are STIG only since no DISA STIG exists
for macOS Sonoma yet.

Updated system_settings_location_services_menu_enforce

Updated changelog
 2023-09-18 21:24:40 -04:00
Dan Brodjieski
37b00778fc Merge branch 'dev_sonoma' into dev_sonoma_disa 
Attempt to resync latest Sonoma changes
 2023-09-14 15:18:30 -04:00
Dan Brodjieski
5acbdbd21e chore: clean up extraneous trailing whitespace 2023-09-14 14:21:06 -04:00
mahlmanj
889de402ab CMMC Sonoma dev branch. Unaltered baselines. 2023-09-12 15:27:56 -04:00
Bob Gendler
e5fb336bdb refactor[rules] CCEs added 
Added NIST issued CCEs to all rule files
 2023-09-09 14:43:51 -04:00
Bob Gendler
24d3e6a523 refactor[rules] Removed rules, removed newstig tag 
Removed unneeded rule files
Changed tags and references
 2023-09-01 10:58:58 -04:00
Bob Gendler
8adb6d6f2e added 800-171 reference 2023-09-01 10:42:53 -04:00
Bob Gendler
9df8d5c62a refactor[rules] System Settings Pane Disabling 
Changed rules and added rules for disabling system settings panes
 2023-09-01 10:09:48 -04:00
Dan Brodjieski
5dbf9ee3c3 fix[rules]: yaml cleanup from merge 2023-08-31 14:53:11 -04:00
Dan Brodjieski
861d14815b refactor[stig]: merged SRGs from DISA 
Rewrote all the rule yaml files to have correct SRG references.
Added scripts to work with new STIG workflows.
 2023-08-31 11:37:33 -04:00
Bob Gendler
351c94cf83 refactor[rules/templates] Matched with Ventura 
Merged new commits that have been merged into Ventura since
dev_sonoma was created.
 2023-08-14 14:45:35 -04:00
Bob Gendler
2e76ebfbe4 refactor[rules] Added none tag to old stig rules 
Added none tag to STIG rules that had no other tag
 2023-08-04 09:48:26 -04:00
Bob Gendler
206884b723 removed stig tag 2023-08-01 14:21:15 -04:00
Bob Gendler
6d76bc5de6 refactor[rules] new and revised 14.0 rules 
Changed siri_disable to new key
Added freefrom rule, on device dictation rule, and filevault setup assistant
 2023-08-01 14:19:00 -04:00
Bob Gendler
a3ce45a986 refactor[rules] removed CCE and disa stig controls 2023-08-01 13:50:01 -04:00
Allen Golbig
c396f18b24 feat[baseline] dev_sonoma 
dev_sonoma
 2023-07-13 22:17:34 -04:00
Bob Gendler
d00bb1a4c3 refactor[rules/scripts] Added CCEs, removed tags 
Added try except blocks in generate_scap to prevent crashes

Added CCEs
Removed double tags
 2023-06-22 14:52:57 -04:00
Bob Gendler
7f549f7280 removed spaces 2023-06-22 13:10:14 -04:00
Bob Gendler
e02209c0e6 Removed old cnssi tag 2023-06-22 12:51:58 -04:00
Bob Gendler
9fccb44c5d Merge branch 'dev_ventura_stig' into ventura 2023-06-22 12:47:18 -04:00
Bob Gendler
fc9d45b03c Merge branch 'dev_ventura_cmmc' into ventura 2023-06-22 12:23:41 -04:00
Bob Gendler
e5cc08a9cd Merge branch 'dev_ventura_cnssi' into ventura 2023-06-22 11:21:55 -04:00