usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
Files
252852d3d24cff526b06a606a32d8529087900df
macos_security/rules/supplemental/supplemental_cis_manual.yaml
Bob Gendler 892e06ad18 refactor[rules] Modified CIS information 
Moved CIS benchmark numbers
2025-06-18 09:48:22 -04:00

91 lines
2.4 KiB
YAML
Raw Blame History

id: supplemental_cis_manual
title: "CIS Manual Recommendations"
discussion: |
List of CIS recommendations that are manual check in the CIS macOS Benchmark.
[cols="15%h, 85%a"]
|===
|Section
|System Settings
|Recommendations
|2.1.1.1 Audit iCloud Keychain +
2.1.1.2 Audit iCloud Drive +
2.1.1.4 Audit Security Keys Used With AppleIDs +
2.1.1.5 Audit Freeform Sync to iCloud +
2.1.1.6 Audit Find My Mac +
2.1.2 Audit App Store Password Settings +
2.3.3.11 Ensure Computer Name Does Not Contain PII or Protected Organizational Information +
2.5.2.2 Ensure Listen for Siri is Disabled +
2.6.1.3 Audit Location Services Access +
2.6.2.1 Audit Full Disk Access for Applications +
2.6.3.5 Ensure Share iCloud Analytics Is Disabled +
2.6.7 Audit Lockdown Mode +
2.7.2 Audit iPhone Mirroring +
2.8.1 Audit Universal Control Settings +
2.10.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) +
2.12.2 Audit Touch ID +
2.14.1 Audit Game Center Settings +
2.15.1 Audit Notification & Focus Settings +
2.16.1 Audit Wallet & Apple Pay Settings +
2.17.1 Audit Internet Accounts for Authorized Use +
6.5.1 Audit Passwords System Preference Setting +
|===
[cols="15%h, 85%a"]
|===
|Section
|Logging and Auditing
|Recommendations
|3.6 Audit Software Inventory
|===
[cols="15%h, 85%a"]
|===
|Section
|System Access, Authentication and Authorization
|Recommendations
|5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured +
5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured +
5.2.5 Ensure Complex Password Must Contain Special Character Is Configured +
5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured +
5.3.1 Ensure All User Storage APFS Volumes are Encrypted +
5.3.2 Ensure All User Storage CoreStorage Volumes are Encrypted +
|===
[cols="15%h, 85%a"]
|===
|Section
|Applications
|Recommendations
|6.2.1 Ensure Protect Mail Activity in Mail Is Enabled +
6.3.2 Audit History and Remove History Items +
6.3.5 Audit Hide IP Address in Safari Setting +
6.3.8 Audit Autofill +
6.3.9 Audit Pop-up Windows +
|===
check: |
fix: |
references:
cci:
- N/A
800-53r5:
- N/A
800-53r4:
- N/A
srg:
- N/A
disa_stig:
- N/A
macOS:
- '15.0'
tags:
- cis_lvl1
- cis_lvl2
- cisv8
- supplemental
mobileconfig: false
mobileconfig_info:
Reference in New Issue View Git Blame Copy Permalink