macos_security/CHANGELOG.adoc
Stephen Beale 4f856091d0 refactor: Multiple changes done to multiple files
- CHANGELOG updated
- Move logging initialization from cli.py to mscp.py
- Update Readme
-- Link to new mSCP Document site
- Revert Rule folder changes
- Move mscp_data to a variable used throughout the module
- Refactor tags logic to handle rules without tags
- Refactor baseline.py to work with both tags and baselines
- Refactor jinja2 templates for documents
-- Single folder for common templates
-- Logic for which document type to do
-- Folders with templates too complex to create a single template
- Refactor documents.py
-- Reduced functions for handling conversion from asciidoc to markdown
-- Removed generate_markdown and generate_adoc functions for a more unified function, generate_document
2025-08-05 16:00:46 -06:00


:idprefix:
:idseparator: -
ifndef::env-github[:icons: font]
ifdef::env-github[]
:status:
//:outfilesuffix: .adoc
:caution-caption: :fire:
:important-caption: :exclamation:
:note-caption: :paperclip:
:tip-caption: :bulb:
:warning-caption: :warning:
endif::[]
:uri-org: https://github.com/usnistgov
:uri-repo: {uri-org}/macos_security
= Changelog
This document provides a high-level view of the changes to the macOS Security Compliance Project.
== [mSCP 2.x] - 2025-02-28
IMPORTANT: This release is a major update and includes breaking changes. Please review the documentation before upgrading.
=== Scripts
* All scripts have been moved from individual files to a single API
* All Apple Operating Systems have been consolidated into a single API
* All document creation has been moved to a Jinja template
* Add debug and version switch to CLI
* Add markdown switch to guidance CLI
* Add generate_documents function for handling markdown and asciidoc guidance generation
* Add render_template function for rendering Jinja templates for document generation
=== Rules
* All rules updated to support the new API
* All ios_stig rules have been modified to be just disa_stig with baseline logic to support the correct OS
=== Baselines
* All baselines updated to support the new API
=== Templates
* Created shell script Jinja templates for compliance checking
* Created markdown and asciidoc Jinja templates for guidance generation
* Created checklist Jinja templates for compliance checking
* Created local report Jinja templates for compliance checking
=== Miscellaneous
* Refactored mscp-data to support better baseline generation
* Created an mscp_data variable used throughout the codebase
== [Sequoia, Revision 1.1] - 2024-12-16
* Rules
** Added Rules
*** os_iphone_mirroring_disable
*** os_mail_summary_disable
*** os_photos_enhanced_search_disable
*** system_settings_external_intelligence_disable
*** system_settings_external_intelligence_sign_in_disable
** Modified Rules
*** os_sleep_and_display_sleep_apple_silicon_enable
*** os_sudo_log_enforce
*** os_world_writable_library_folder_configure
*** os_password_autofill_disable
*** pwpolicy_alpha_numeric_enforce
*** pwpolicy_custom_regex_enforce
*** pwpolicy_lower_case_character_enforce.yaml
*** pwpolicy_max_lifetime_enforce
*** pwpolicy_minimum_lifetime_enforce
*** pwpolicy_history_enforce
*** pwpolicy_account_lockout_timeout_enforce
*** pwpolicy_account_lockout_enforce
*** pwpolicy_prevent_dictionary_words
*** pwpolicy_simple_sequence_disable
*** pwpolicy_special_character_enforce
*** pwpolicy_upper_case_character_enforce.yaml
*** system_settings_improve_assistive_voice_disable
** Removed Rules
*** system_settings_cd_dvd_sharing_disable
** Bug Fixes
* Baselines
** Added DISA STIG v1r1
** Added CIS Level (Draft -> Final)
** Updated CNSSI-1253
== [Sequoia, Revision 1.0] - 2024-09-12
* Rules
** Added Rules
*** os_genmoji_disable
*** os_image_generation_disable
*** os_iphone_mirroring_disable
*** os_sudo_log_enforce
*** os_writing_tools_disable
** Modified Rules
*** os_anti_virus_installed
*** os_gatekeeper_enable
*** os_ssh_fips_compliant
*** system_settings_firewall_enable
*** system_settings_firewall_stealth_mode_enable
*** system_settings_gatekeeper_identified_developers_allowed
*** system_settings_media_sharing_disabled
*** DDM Support
**** auth_pam_login_smartcard_enforce
**** auth_pam_su_smartcard_enforce
**** auth_pam_sudo_smartcard_enforce
**** auth_ssh_password_authentication_disable
**** os_external_storage_restriction
**** os_network_storage_restriction
**** os_policy_banner_ssh_enforce
**** os_sshd_channel_timeout_configure
**** os_sshd_client_alive_count_max_configure
**** os_sshd_client_alive_interval_configure
**** os_sshd_fips_compliant
**** os_sshd_login_grace_time_configure
**** os_sshd_permit_root_login_configure
**** os_sshd_unused_connection_timeout_configure
**** os_sudo_timeout_configure
**** pwpolicy_account_lockout_enforce
**** pwpolicy_account_lockout_timeout_enforce
**** pwpolicy_alpha_numeric_enforce
**** pwpolicy_custom_regex_enforce
**** pwpolicy_history_enforce
**** pwpolicy_max_lifetime_enforce
**** pwpolicy_minimum_length_enforce
**** pwpolicy_simple_sequence_disable
**** pwpolicy_special_character_enforce
** Removed Rules
*** os_firewall_log_enable
*** os_gatekeeper_rearm
*** os_safari_popups_disabled
** Bug Fixes
* Baselines
** Modified existing baselines
** Updated 800-171 to Revision 3
* Scripts
** generate_guidance
*** Support for Declarative Device Management (DDM)
*** Added support for severity
** generate_baseline
** generate_mappings
** generate_scap
*** Added support for severity