JCE CIS Level 1 Rules are showing 2.9.3 (Level 2) #215

Closed
opened 2026-01-19 18:29:40 +00:00 by michael · 2 comments

Originally created by @gsprague on GitHub.

Summary

(Summarize the bug encountered concisely)
When using the Jamf Compliance Editor and selecting the CIS Level 1 Ventura benchmark, it shows 2.9.3 which is CIS Level 2.

Steps to reproduce

(How one can reproduce the issue - this is very important)

  1. Open JCE
  2. Select "Create new project"
  3. Choose "ventura" branch and click "Create"
  4. Save the project somewhere and click "Save"
  5. Choose Security Benchmark "CIS Benchmark - Level 1" and click "OK"
  6. You will now see 2 Level 2 rules for 2.9.3 listed with the Level 1 rule set. Screenshot attached...

Operating System version

(macOS Version and build)
macOS v13 (22A380)

Intel or Apple Silicon

(Intel based process or Apple Silicon Mac)
Intel

What is the current bug behavior?

(What actually happens)
2 rules for CIS Level 2 #2.9.3 are showing in the CIS Level 1 rule set.

What is the expected correct behavior?

(What you should see instead)
2 rules for CIS Level 2 #2.9.3 should not be showing in the CIS Level 1 rule set.

Relevant logs and/or screenshots

Screen Shot 2022-11-03 at 8 58 07 AM

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.)

Output of checks

(Paste any output that occurs with the bug)

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)
Take the following CIS Level 2 rules out of the CIS Level 1 baseline YAML file.

Project File Path: `../baselines/cis_lvl1.yaml`

Rules to remove from the `- section: "macos"`:

- os_hibernate_mode_destroyfvkeyonstandby_enable
- os_hibernate_mode_enable
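
A check along the following lines would flag this kind of baseline error before a benchmark is published. It is an added example, not part of the original issue or the project's code. The baseline text, the `example_rule_*` ids and the per-rule level tags are constructed sample data, and the tag names `cis_lvl1`/`cis_lvl2` are an assumption about how each rule records its CIS level.

```python
import re

# Constructed sample in the layout the issue describes (not the real file).
BASELINE = '''\
title: "CIS Benchmark - Level 1"
profile:
  - section: "auditing"
    rules:
      - example_rule_a
  - section: "macos"
    rules:
      - example_rule_b
      - os_hibernate_mode_destroyfvkeyonstandby_enable
      - os_hibernate_mode_enable
'''

# Constructed per-rule level tags (assumed tag names, see lead-in).
RULE_TAGS = {
    "example_rule_a": {"cis_lvl1", "cis_lvl2"},
    "example_rule_b": {"cis_lvl1", "cis_lvl2"},
    "os_hibernate_mode_destroyfvkeyonstandby_enable": {"cis_lvl2"},
    "os_hibernate_mode_enable": {"cis_lvl2"},
}

def baseline_rules(text):
    """Return {section: [rule ids]} from the simple baseline layout."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r'\s*-\s+section:\s*"?([^"]+)"?\s*$', line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = re.match(r'\s*-\s+([A-Za-z0-9_]+)\s*$', line)
        if m and current is not None:
            sections[current].append(m.group(1))
    return sections

def misplaced(text, tags, required="cis_lvl1"):
    """List (section, rule) pairs lacking the baseline's level tag.
    Rules with no known tags are flagged too, so the check fails closed."""
    return [(s, r) for s, rules in baseline_rules(text).items()
            for r in rules if required not in tags.get(r, set())]

def remove_rules(text, rule_ids):
    """Return the baseline text with the given rule entries dropped."""
    drop = set(rule_ids)
    keep = [l for l in text.splitlines()
            if re.sub(r'^\s*-\s+', '', l).strip() not in drop]
    return "\n".join(keep) + "\n"
```
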


@golbiga commented on GitHub:

Updated in Monterey and Big Sur. Closing this issue. Thanks.


@gsprague commented on GitHub:

@golbiga These will also need to be updated in the Big Sur and Monterey branches. They are showing up in JCE as rule #2.8.3.


Reference: usnistgov/macos_security#215