This document provides a high-level view of the changes to the macOS Security Compliance Project.
-
Rules
-
Added Rules
-
os_home_folders_default
-
supplemental_stig
-
-
Modified Rules
-
audit_acls_files_configure
-
audit_acls_folders_configure
-
audit_auditd_enabled
-
audit_control_mode_configure
-
audit_files_group_configure
-
audit_files_mode_configure
-
audit_files_owner_configure
-
audit_folder_group_configure
-
audit_folder_group_configure
-
audit_folders_mode_configure
-
auth_ssh_password_authentication_disable
-
icloud_appleid_preference_pane_disable
-
icloud_appleid_system_settings_disable
-
os_anti_virus_installed
-
os_home_folders_secure
-
os_policy_banner_loginwindow_enforce
-
os_policy_banner_ssh_configure
-
os_policy_banner_ssh_enforce
-
os_screensaver_timeout_loginwindow_enforce
-
os_sshd_client_alive_count_max_configure
-
os_sshd_client_alive_interval_configure
-
os_sshd_fips_140_ciphers
-
os_sshd_fips_140_macs
-
os_sshd_fips_compliant
-
os_sshd_key_exchange_algorithm_configure
-
os_sshd_login_grace_time_configure
-
os_sshd_permit_root_login_configure
-
pwpolicy_account_lockout_timeout_enforce
-
pwpolicy_minimum_length_enforce
-
pwpolicy_special_character_enforce
-
system_settings_assistant_disable
-
system_settings_bluetooth_prefpane_disable
-
system_settings_firewall_enable
-
system_settings_firewall_stealth_mode_enable
-
system_settings_guest_account_disable
-
system_settings_internet_accounts_preference_pane_disable
-
system_settings_siri_prefpane_disable
-
system_settings_touch_id_pane_disable
-
system_settings_usb_restricted_mode
-
system_settings_wallet_applepay_prefpane_disable
-
system_settings_wallet_applepay_prefpane_hide
-
-
-
Baselines
-
Added Baselines
-
cmmc_lvl1
-
cmmc_lvl2
-
cnssi-1253_high
-
cnssi-1253_moderate
-
cnssi-1253_low
-
DISA-STIG
-
-
Modified Baselines
-
all_rules
-
Removed Baselines
-
-
cnssi-1253
-
-
Scripts
-
generate_guidance
-
Added base64 support for documentation logo
-
Added support for CMMC references
-
Added ssh key generation to compliance script
-
Added cfc argument to compliance script
-
Bug Fixes
-
-
generate_baseline
-
Bug Fixes
-
-
generate_scap
-
Bug Fixes
-
-
-
Includes
-
mscp-data
-
Added CMMC data
-
Updated CNSSI-1253 data
-
-
supported_payloads
-
Added com.apple.sharingd
-
Removed com.apple.locationmenu
-
-
-
Rules
-
Added Rules
-
icloud_game_center_disable
-
os_safari_advertising_privacy_protection_enable
-
os_safari_prevent_cross-site_tracking_enable
-
os_safari_show_full_website_address_enable
-
os_safari_warn_fraudulent_website_enable
-
-
Modified Rules
-
os_dvdram_disable
-
os_hibernate_mode_enable
-
os_rapid_security_response_removal_disable
-
os_tftpd_disable
-
system_settings_automatic_logout_enforce
-
system_settings_internet_accounts_disable
-
system_settings_ssh_enable
-
system_settings_system_wide_preferences_configure
-
system_settings_time_server_configure
-
system_settings_time_server_enforce
-
supplemental_cis_manual
-
-
Bug fixes
-
-
Baselines
-
Updated all baselines
-
-
Scripts
-
generate_guidance
-
Added custom references to compliance check script
-
Added debug option
-
Bug Fixes
-
-
generate_baseline
-
Added author function
-
Bug Fixes
-
-
generate_mapping
-
Bug Fixes
-
-
-
Rules
-
Added ODV support
-
Added Rules
-
icloud_appleid_system_settings_disable
-
os_config_profile_ui_install_disable
-
os_firewall_ui_disable
-
os_power_nap_enable
-
os_rapid_security_response_allow
-
os_rapid_security_response_removal_disable
-
os_software_update_deferral
-
system_settings_USB_restricted_mode
-
system_settings_internet_accounts_disable
-
-
Modified Rules
-
os_power_nap_disable
-
os_ssh_fips_compliant
-
os_ssh_server_alive_count_max_configure
-
os_ssh_server_alive_interval_configure
-
os_sshd_client_alive_count_max_configure
-
os_sshd_client_alive_interval_configure
-
os_sshd_fips_140_ciphers
-
os_sshd_fips_140_macs
-
os_sshd_fips_compliant
-
os_sshd_key_exchange_algorithm_configure
-
os_sshd_login_grace_time_configure
-
os_sshd_permit_root_login_configure
-
os_sudo_timeout_configure
-
os_sudoers_timestamp_type_configure
-
pwpolicy_account_inactivity_enforce.yaml
-
pwpolicy_account_lockout_enforce.yaml
-
pwpolicy_account_lockout_timeout_enforce.yaml
-
pwpolicy_alpha_numeric_enforce.yaml
-
pwpolicy_history_enforce.yaml
-
pwpolicy_lower_case_character_enforce.yaml
-
pwpolicy_max_lifetime_enforce.yaml
-
pwpolicy_minimum_length_enforce.yaml
-
pwpolicy_minimum_lifetime_enforce.yaml
-
pwpolicy_simple_sequence_disable.yaml
-
pwpolicy_special_character_enforce.yaml
-
pwpolicy_upper_case_character_enforce.yaml
-
system_settings_system_wide_preferences_configure
-
System Preferences → System Settings
-
-
Deleted Rules
-
os_sudoers_tty_configure
-
-
Bug Fixes
-
-
Baselines
-
Modified existing baselines
-
Added parent_values
-
-
Scripts
-
generate_guidance
-
Added ODV support
-
Added Ruby gem generation
-
Added support for fix/check in compliance script
-
Added unified log support to compliance script
-
Bug Fixes
-
-
generate_baseline
-
Added ODV support
-
Added tailoring support
-
Bug Fixes
-
-
generate_mappings
-
Bug Fixes
-
-
generate_scap
-
Added support for ODV
-
Added support for new checks
-
Generate scap, xccdf, or oval
-
Bug Fixes
-
-