mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
138 lines
4.9 KiB
XML
138 lines
4.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>policyCategoryAuthentication</key>
|
|
<array>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>(policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime > (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds))</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Authentication Lockout</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>autoEnableInSeconds</key>
|
|
<integer>300</integer>
|
|
<key>policyAttributeMaximumFailedAuthentications</key>
|
|
<integer>3</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributeLastAuthenticationTime > policyAttributeCurrentTime - (policyAttributeInactiveDays * 24 * 60 * 60)</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Inactive Account</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>policyAttributeInactiveDays</key>
|
|
<integer>35</integer>
|
|
</dict>
|
|
</dict>
|
|
</array>
|
|
<key>policyCategoryPasswordChange</key>
|
|
<array>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributeCurrentTime > policyAttributeLastPasswordChangeTime + (policyAttributeExpiresEveryNDays * 24 * 60 * 60)</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Password Expires after 60 days</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>policyAttributeExpiresEveryNDays</key>
|
|
<integer>60</integer>
|
|
</dict>
|
|
</dict>
|
|
</array>
|
|
<key>policyCategoryPasswordContent</key>
|
|
<array>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '(.*[A-Z].*){1,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must have at least 1 uppercase letter</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumAlphaCharactersUpperCase</key>
|
|
<integer>1</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributeLastPasswordChangeTime < policyAttributeCurrentTime - (policyAttributeMinimumLifetimeHours * 60 * 60)</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Minimum Password Lifetime</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>policyAttributeMinimumLifetimeHours</key>
|
|
<integer>24</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '.{15,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must be at least 15 characters</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumLength</key>
|
|
<integer>15</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '(.*[0-9].*){1,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must have at least 1 numeric value</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumNumericCharacters</key>
|
|
<integer>2</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '(.*[a-z].*){1,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must have at least 1 lowercase letter</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumAlphaCharactersLowerCase</key>
|
|
<integer>1</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '(.*[A-Z].*){1,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must have at least 1 uppercase letter</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumAlphaCharacters</key>
|
|
<integer>1</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>policyAttributePassword matches '(.*[^a-zA-Z0-9].*){1,}+'</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Must have at least 1 special characters</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>minimumSymbols</key>
|
|
<integer>1</integer>
|
|
</dict>
|
|
</dict>
|
|
<dict>
|
|
<key>policyContent</key>
|
|
<string>none policyAttributePasswordHashes in policyAttributePasswordHistory</string>
|
|
<key>policyIdentifier</key>
|
|
<string>Cannot match the last 5 passwords</string>
|
|
<key>policyParameters</key>
|
|
<dict>
|
|
<key>policyAttributePasswordHistoryDepth</key>
|
|
<integer>5</integer>
|
|
</dict>
|
|
</dict>
|
|
</array>
|
|
</dict>
|
|
</plist> |