Security Technical Implementation Guides (STIGs)


Product
Severity
SRG
CCIs
STIG IDs
Rule IDs
Tags
AppLocker
EventSentry
Security
stig
Vulnerability ID Severity Description
V-277028 Medium The macOS system must prevent Apple Watch from terminating a session lock
V-277029 Medium The macOS system must enforce screen saver password
V-277030 Medium The macOS system must enforce session lock no more than five seconds after screen saver is started
V-277031 Medium The macOS system must configure user session lock when a smart token is removed
V-277032 Medium The macOS system must disable hot corners
V-277033 Medium The macOS system must prevent AdminHostInfo from being available at LoginWindow
V-277034 Medium The macOS system must automatically remove or disable temporary or emergency user accounts within...
V-277035 Medium The macOS system must enforce time synchronization
V-277036 Medium The macOS system must limit consecutive failed login attempts to three
V-277037 Medium The macOS system must display a policy banner at remote login
V-277038 Medium The macOS system must enforce SSH to display a policy banner
V-277039 Medium The macOS system must display the Standard Mandatory DOD Notice and Consent Banner at the login w...
V-277040 Medium The macOS system must configure audit log files to not contain access control lists (ACLs)
V-277041 Medium The macOS system must configure the audit log folder to not contain access control lists (ACLs)
V-277042 Medium The macOS system must disable FileVault automatic login
V-277043 Medium The macOS system must configure SSHD ClientAliveInterval to 900
V-277044 Medium The macOS system must configure SSHD ClientAliveCountMax to 1
V-277045 Medium The macOS system must set login grace time to 30
V-277046 High The macOS system must limit SSHD to FIPS-compliant connections
V-277047 High The macOS system must limit SSH to FIPS-compliant connections
V-277048 Medium The macOS system must set account lockout time to 15 minutes
V-277049 Medium The macOS system must enforce screen saver timeout
V-277050 Medium The macOS system must disable login to other users' active and locked sessions
V-277051 Medium The macOS system must disable root login
V-277052 Medium The macOS system must configure the SSH ServerAliveInterval to 900
V-277053 Medium The macOS system must configure SSHD channel timeout to 900
V-277054 Medium The macOS system must configure SSHD unused connection timeout to 900
V-277055 Medium The macOS system must set SSH Active Server Alive Maximum to 0
V-277056 Medium The macOS system must enforce auto logout after 86400 seconds of inactivity
V-277057 Medium The macOS system must be configured to use an authorized time server
V-277058 Medium The macOS system must enable the time synchronization daemon
V-277059 Medium The macOS system must configure sudo to log events
V-277060 Medium The macOS system must be configured to audit all administrative action events
V-277061 Medium The macOS system must be configured to audit all login and logout events
V-277062 Medium The macOS system must enable security auditing
V-277063 Medium The macOS system must configure audit log files to be owned by root
V-277064 Medium The macOS system must configure audit log folders to be owned by root
V-277065 Medium The macOS system must configure the audit log files group to wheel
V-277066 Medium The macOS system must configure the audit log folders group to wheel
V-277067 Medium The macOS system must configure audit log files to mode 440 or less permissive
V-277068 Medium The macOS system must configure audit log folders to mode 700 or less permissive
V-277069 Medium The macOS system must be configured to audit all deletions of object attributes
V-277070 Medium The macOS system must be configured to audit all changes of object attributes
V-277071 Medium The macOS system must be configured to audit all failed read actions on the system
V-277072 Medium The macOS system must be configured to audit all failed write actions on the system
V-277073 Medium The macOS system must be configured to audit all failed program execution on the system
V-277074 Low The macOS system must configure audit retention to seven days
V-277075 Medium The macOS system must configure audit capacity warning
V-277076 Medium The macOS system must configure audit failure notification
V-277077 Medium The macOS system must be configured to audit all authorization and authentication events
V-277078 Medium The macOS system must set smart card certificate trust to moderate
V-277079 Medium The macOS system must disable root login for SSH
V-277080 Medium The macOS system must configure audit_control group to wheel
V-277081 Medium The macOS system must configure audit_control owner to root
V-277082 Medium The macOS system must configure audit_control owner to mode 440 or less permissive
V-277083 Medium The macOS system must configure audit_control to not contain access control lists (ACLs)
V-277084 High The macOS system must disable password authentication for SSH
V-277085 Medium The macOS system must disable Server Message Block (SMB) sharing
V-277086 Medium The macOS system must disable Network File System (NFS) service
V-277087 Medium The macOS system must disable Location Services
V-277088 Medium The macOS system must disable Bonjour multicast
V-277089 Medium The macOS system must disable Unix-to-Unix Copy Protocol (UUCP) service
V-277090 Medium The macOS system must disable Internet Sharing
V-277091 Medium The macOS system must disable the built-in web server
V-277092 Medium The macOS system must disable AirDrop
V-277093 Medium The macOS system must disable FaceTime.app
V-277094 Medium The macOS system must disable the iCloud Calendar services
V-277095 Medium The macOS system must disable iCloud Reminders
V-277096 Medium The macOS system must disable iCloud Address Book
V-277097 Medium The macOS system must disable iCloud Mail
V-277098 Medium The macOS system must disable iCloud Notes
V-277099 Medium The macOS system must disable the camera
V-277100 Medium The macOS system must disable Siri
V-277101 Medium The macOS system must disable sending diagnostic and usage data to Apple
V-277102 Medium The macOS system must disable Remote Apple Events
V-277103 Medium The macOS system must disable sending audio recordings and transcripts to Apple
V-277104 Medium The macOS system must disable sending search data from Spotlight to Apple
V-277105 Medium The macOS system must disable Apple ID setup during Setup Assistant
V-277106 Medium The macOS system must disable Privacy Setup services during Setup Assistant
V-277107 Medium The macOS system must disable iCloud storage setup during Setup Assistant
V-277108 High The macOS system must disable Trivial File Transfer Protocol (TFTP) service
V-277109 Medium The macOS system must disable Siri Setup during Setup Assistant
V-277110 Medium The macOS system must disable iCloud Keychain Sync
V-277111 Medium The macOS system must disable iCloud Document Sync
V-277112 Medium The macOS system must disable iCloud Bookmarks
V-277113 Medium The macOS system must disable iCloud Photo Library
V-277114 Medium The macOS system must disable Screen Sharing and Apple Remote Desktop
V-277115 Medium The macOS system must disable the System Settings pane for Wallet and Apple Pay
V-277116 Medium The macOS system must disable the system settings pane for Siri
V-277117 High The macOS system must apply gatekeeper settings to block applications from unidentified developers
V-277118 High The macOS system must disable Bluetooth when no approved device is connected
V-277119 Medium The macOS system must disable the guest account
V-277120 High The macOS system must enable gatekeeper
V-277121 High The macOS system must disable unattended or automatic login to the system
V-277122 Medium The macOS system must secure users' home folders
V-277123 High The macOS system must require an administrator password to modify systemwide preferences
V-277124 Medium The macOS system must disable Airplay Receiver
V-277125 Medium The macOS system must disable TouchID for unlocking the device
V-277126 Medium The macOS system must disable Media Sharing
V-277127 Medium The macOS system must disable Bluetooth Sharing
V-277128 Medium The macOS system must disable AppleID and internet Account Modification
V-277129 Medium The macOS system must disable Content Caching service
V-277130 Medium The macOS system must disable iCloud Desktop and Document folder sync
V-277131 Medium The macOS system must disable iCloud Game Center
V-277132 Medium The macOS system must disable iCloud Private Relay
V-277133 Medium The macOS system must disable Find My service
V-277134 Medium The macOS system must disable Personalized Advertising
V-277135 Medium The macOS system must disable sending Siri and Dictation information to Apple
V-277136 Medium The macOS system must enforce On Device Dictation
V-277137 Medium The macOS system must disable Dictation
V-277138 Medium The macOS system must disable Printer Sharing
V-277139 Medium The macOS system must disable Remote Management
V-277140 Medium The macOS system must disable the Bluetooth System Settings pane
V-277141 Medium The macOS system must disable the iCloud Freeform services
V-277142 Medium The macOS system must disable iPhone Mirroring
V-277143 Medium The macOS system must issue or obtain public key certificates from an approved service provider
V-277144 Medium The macOS system must require that passwords contain a minimum of one numeric character
V-277145 Medium The macOS system must restrict maximum password lifetime to 60 days
V-277146 Medium The macOS system must require a minimum password length of 14 characters
V-277147 Medium The macOS system must require that passwords contain a minimum of one special character
V-277148 Medium The macOS system must disable password hints
V-277149 Medium The macOS system must remove password hints from user accounts
V-277150 Medium The macOS system must enforce smart card authentication
V-277151 Medium The macOS system must allow smart card authentication
V-277152 Medium The macOS system must enforce multifactor authentication for login
V-277153 Medium The macOS system must enforce multifactor authentication for the su command
V-277154 Medium The macOS system must enforce multifactor authentication for privilege escalation through the sud...
V-277155 Medium The macOS system must require that passwords contain a minimum of one lowercase character and one...
V-277156 Medium The macOS system must set minimum password lifetime to 24 hours
V-277157 Medium The macOS system must disable accounts after 35 days of inactivity
V-277158 Medium The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel
V-277159 Medium The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive
V-277160 Medium The macOS system must require users to reauthenticate for privilege escalation when using the "su...
V-277161 Medium The macOS system must configure system log files owned by root and group to wheel
V-277162 Medium The macOS system must configure system log files to mode 640 or less permissive
V-277163 Low The macOS system must configure install.log retention to 365
V-277164 Medium The macOS system must configure sudoers timestamp type
V-277165 High The macOS system must ensure System Integrity Protection (SIP) is enabled
V-277166 High The macOS system must enforce FileVault
V-277167 Medium The macOS system must enable macOS Application Firewall
V-277168 Medium The macOS system must configure the login window to prompt for username and password
V-277169 Medium The macOS system must disable the TouchID prompt during Setup Assistant
V-277170 Medium The macOS system must disable the Screen Time prompt during Setup Assistant
V-277171 Medium The macOS system must disable Unlock with Apple Watch during Setup Assistant
V-277172 Medium The macOS system must disable Handoff
V-277173 Medium The macOS system must disable proximity-based password sharing requests
V-277174 Medium The macOS system must disable Erase Content and Settings
V-277175 Medium The macOS system must enable Authenticated Root
V-277176 Medium The macOS system must prohibit user installation of software into /users/
V-277177 Medium The macOS system must authorize USB devices before allowing connection
V-277178 Medium The macOS system must ensure Secure Boot level is set to "full"
V-277179 Medium The macOS system must enforce enrollment in Mobile Device Management (MDM)
V-277180 Medium The macOS system must enable Recovery Lock
V-277181 Medium The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automati...
V-277182 Medium The macOS system must disable Genmoji AI Creation
V-277183 Medium The macOS system must disable Apple Intelligence Image Playground
V-277184 Medium The macOS system must disable Apple Intelligence Writing Tools
V-277185 High The macOS system must install security-relevant software updates within 30 days unless the time p...
V-279329 Medium The macOS system must disable Apple Intelligence during Setup Assistant
V-282964 High The macOS system must be a version supported by the vendor