Apple OS X 10.14 (Mojave) STIG

Apple OS X 10.14 (Mojave) Security Technical Implementation Guide

ID Vuln ID Title Cat Status
AOSX-14-001014 V-209555 The macOS system must be configured with audit log files group-owned by wheel. Cat II
AOSX-14-002066 V-209608 The macOS system must not allow an unattended or automatic logon to the system. Cat II
AOSX-14-002067 V-209609 The macOS system must prohibit user installation of software without explicit privileged status. Cat II
AOSX-14-002012 V-209577 The macOS system must be configured to disable the iCloud Calendar services. Cat III
AOSX-14-000025 V-209541 The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system. Cat II
AOSX-14-002037 V-209593 The macOS system must be configured to disable the Cloud Storage Setup services. Cat II
AOSX-14-000007 V-209527 The macOS system must be configured to disable hot corners. Cat II
AOSX-14-002036 V-209592 The macOS system must be configured to disable the Privacy Setup services. Cat II
AOSX-14-003051 V-209627 The macOS system must be configured so that the su command requires smart card authentication. Cat II
AOSX-14-000015 V-209534 The macOS system must utilize an HBSS solution and implement all DoD required modules. Cat II
AOSX-14-002023 V-209587 The macOS system must be configured to disable the application Calendar. Cat II
AOSX-14-000021 V-209537 The macOS system must enforce an account lockout time period of 15 minutes in which a user makes three consecutive invalid logon attempts. Cat II
AOSX-14-001017 V-209558 The macOS system must be configured with audit log folders set to mode 700 or less permissive. Cat II
AOSX-14-002009 V-209574 The macOS system must be configured to disable AirDrop. Cat III
AOSX-14-003025 V-209625 The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes