Rule updates for Sequoia -- os_appleid_prompt_disable, os_icloud_storage_prompt_disable, and more... #42

Closed
opened 2026-01-19 18:29:01 +00:00 by michael · 3 comments
Owner

Originally created by @pweroherc on GitHub.

Summary

On Sequoia branch, the following rules audit incorrectly:

  • os_appleid_prompt_disable (SkipCloudSetup)
  • os_icloud_storage_prompt_disable (SkipiCloudStorageSetup)
  • os_privacy_setup_prompt_disable (SkipPrivacySetup)
  • os_siri_prompt_disable (SkipSiriSetup)
  • os_skip_unlock_with_watch_enable (SkipUnlockWithWatch)

The SetupAssistant payload has been updated and now uses the Skip Keys property.

- SkipKeys
  - AppleID
  - iCloudStorage
  - Privacy
  - Siri
  - WatchMigration

Steps to reproduce

Auditing rules will continue to fail because the return values have changed.

Operating System version

macOS Sequoia 15.5

Intel or Apple Silicon

AS

What is the current bug behavior?

Audit fails, remediation fails.

What is the expected correct behavior?

Audit succeeds, remediation succeeds.

Relevant logs and/or screenshots

N/A

Output of checks

(Paste any output that occurs with the bug)

Possible fixes

https://developer.apple.com/documentation/devicemanagement/setupassistant

Author
Owner

@robertgendler commented on GitHub:

This actually will take a bunch of refactoring since that payload and all is built in an array. Not impossible. It'll be more than just updating the YAML. It'll take rebuilding script logic a bit.

Author
Owner

@pweroherc commented on GitHub:

> This actually will take a bunch of refactoring since that payload and all is built in an array. Not impossible. It'll be more than just updating the YAML. It'll take rebuilding script logic a bit.

Disclaimer, I'm new to GitHub etiquette. I manually updated my deployment and am good to go but just wanted to report in case others weren't aware.

If I get some time, I may poke at the generate_guidance.py script and see if I can contribute but you would want to double, triple, quadruple check my work.

Thanks for all your hard work.

Author
Owner

@robertgendler commented on GitHub:

You're fine! I just sort of was putting the info out there. I think those changes really started showing up with Sequoia (maybe earlier) but the previous works as well. So partially why we've left it.
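Added example, not part of the thread and not code from macos_security: an audit check that passes a rule when either the legacy boolean or the array entry is present, since both forms are reported to work. The key name `SkipKeys` and the rule names are taken from the issue as written; the pairing of each legacy key with an array value follows the order of the two lists and is an assumption, as are the function names and sample payloads.

```python
# Rule id -> (legacy boolean key, array value). Pairing assumed from list order in the issue.
RULES = {
    "os_appleid_prompt_disable": ("SkipCloudSetup", "AppleID"),
    "os_icloud_storage_prompt_disable": ("SkipiCloudStorageSetup", "iCloudStorage"),
    "os_privacy_setup_prompt_disable": ("SkipPrivacySetup", "Privacy"),
    "os_siri_prompt_disable": ("SkipSiriSetup", "Siri"),
    "os_skip_unlock_with_watch_enable": ("SkipUnlockWithWatch", "WatchMigration"),
}


def audit_setup_assistant(prefs):
    """Return {rule_id: bool} for a parsed SetupAssistant preferences dict."""
    skip_keys = prefs.get("SkipKeys", [])
    # A malformed payload (e.g. one string instead of an array) must not
    # pass through substring matching, so anything non-list is ignored.
    if not isinstance(skip_keys, (list, tuple)):
        skip_keys = []
    skipped = {item for item in skip_keys if isinstance(item, str)}

    results = {}
    for rule_id, (legacy_key, array_value) in RULES.items():
        legacy_ok = prefs.get(legacy_key) is True  # only a real boolean true counts
        results[rule_id] = legacy_ok or array_value in skipped
    return results


def failing_rules(prefs):
    """Sorted list of rule ids that do not pass the audit."""
    return sorted(r for r, ok in audit_setup_assistant(prefs).items() if not ok)


# Constructed sample payloads, as plistlib.load() would return them.
LEGACY_PAYLOAD = {key: True for key, _ in RULES.values()}
ARRAY_PAYLOAD = {"SkipKeys": ["AppleID", "iCloudStorage", "Privacy", "Siri"]}
MALFORMED_PAYLOAD = {"SkipKeys": "AppleID iCloudStorage Privacy Siri WatchMigration"}

if __name__ == "__main__":
    for name, payload in [("legacy", LEGACY_PAYLOAD), ("array", ARRAY_PAYLOAD),
                          ("malformed", MALFORMED_PAYLOAD)]:
        print(name, "failing:", failing_rules(payload))
```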


Reference: usnistgov/macos_security#42