Automatically lock the login keychain for inactivity. Details: While logged in, the keychain does not prompt the user for passwords for various systems and/or programs. This can...
Check Library folder for world writable files. Details: Folders in /Library should not be world writable. The audit check excludes the /Library/Caches folder where the sticky bit...
Configure Secure Empty Trash. Details: Configuring Secure Empty Trash mitigates the risk of an admin user on the system recovering sensitive files that the...
Create a Login window banner. Details: An access warning may reduce a casual attacker’s tendency to target the system. Access warnings may also aid in...
Create network specific locations. Details: Network locations allow the computer to have specific configurations ready for network access when required. Locations can be used...
Create specialized keychains for different purposes. Details: If the user can logically split password and other entries into different keychains with different passwords, a compromise of...
Disable Bonjour advertising service. Details: Bonjour can simplify device discovery from an internal rogue or compromised host. An attacker could use Bonjour’s multicast DNS...
Disable Fast User Switching. Details: Fast user switching allows multiple users to run applications simultaneously at console. There can be information disclosed about processes...
Disable sleeping the computer when connected to power. Details: The ability to apply security patches and perform vulnerability assessments on the system is reduced when the system is...
Disable ‘Wake for network access’. Details: Disabling this feature mitigates the risk of an attacker remotely waking the system and gaining access. Solution: Perform the...