Apple macOS 11 (Big Sur) STIG

Apple macOS 11 (Big Sur) Security Technical Implementation Guide

ID Vuln ID Title Cat Status
APPL-11-003008 V-230832 The macOS system must enforce a 60-day maximum password lifetime restriction. Cat II
APPL-11-000006 V-230748 The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. Cat III
APPL-11-001013 V-230775 The macOS system must be configured with audit log folders owned by root. Cat II
APPL-11-003051 V-230840 The macOS system must be configured so that the su command requires smart card authentication. Cat II
APPL-11-003001 V-230830 The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. Cat I
APPL-11-001020 V-230780 The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. Cat II
APPL-11-002008 V-230793 The macOS system must be configured to disable Web Sharing. Cat II
APPL-11-000030 V-230760 The macOS system must be configured so that log files must not contain access control lists (ACLs). Cat II
APPL-11-000023 V-230757 The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. Cat II
APPL-11-000015 V-230754 The macOS system must utilize an HBSS solution and implement all DoD required modules. Cat II
APPL-11-002021 V-230805 The macOS system must be configured to disable sending diagnostic and usage data to Apple. Cat II
APPL-11-002037 V-230812 The macOS system must be configured to disable the Cloud Storage Setup services. Cat II
APPL-11-002070 V-230829 The macOS system must use an approved antivirus program. Cat I
APPL-11-002011 V-230796 The macOS system must be configured to disable the application Messages. Cat III
APPL-11-002017 V-230802 The macOS system must cover or disable the built-in or attached camera when not in use. Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes