AOSX-15-000001 – The macOS system must be configured to prevent Apple Watch from terminating a session lock.
Details Users must be prompted to enter their passwords when unlocking the screen saver. The screen saver acts as a...
- Home
- Security Hardening
- DISA STIG Apple Mac OSX 10 15 V1R7
DISA STIG Apple Mac OSX 10 15 V1R7
AOSX-15-000002 – The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.
Details Users must be prompted to enter their passwords when unlocking the screen saver. The screen saver acts as a...AOSX-15-000003 – The macOS system must initiate the session lock no more than five seconds after a screen saver is started.
Details A screen saver must be enabled and set to require a password to unlock. An excessive grace period impacts...AOSX-15-000014 – The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) – Network Time On
Details Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the...AOSX-15-000014 – The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) – Network Time Server
Details Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the...AOSX-15-000015 – The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules.
Details The macOS system must employ automated mechanisms to determine the state of system components. The DoD requires the installation...AOSX-15-000016 – The macOS system must be integrated into a directory services infrastructure.
Details Distinct user account databases on each separate system cause problems with username and password policy enforcement. Most approved directory...AOSX-15-000004 – The macOS system must initiate a session lock after a 15-minute period of inactivity.
Details A screen saver must be enabled and set to require a password to unlock. The timeout should be set...AOSX-15-000020 – The macOS system must enforce the limit of three consecutive invalid logon attempts by a user.
Details By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...AOSX-15-000005 – The macOS system must be configured to lock the user session when a smart token is removed.
Details A session lock is a temporary action taken when a user stops work and moves away from the immediate...