Monterey – Configure Audit Log Folders Group to Wheel
Details Audit log files _MUST_ have the group set to wheel. The audit service _MUST_ be configured to create log...
- Home
- Security Hardening
- NIST MacOS Monterey V1.0.0 All Profiles
NIST MacOS Monterey V1.0.0 All Profiles
Monterey – Configure Audit Log Folders to be Owned by Root
Details Audit log files _MUST_ be owned by root. The audit service _MUST_ be configured to create log files with...Monterey – Configure Audit Log Folders to Mode 700 or Less Permissive
Details The audit log folder _MUST_ be configured to mode 700 or less permissive so that only the root user...Monterey – Configure Audit Log Folder to Not Contain Access Control Lists
Details The audit log folder _MUST_ not contain access control lists (ACLs). Audit logs contain sensitive data about the system...Monterey – Configure Audit Retention to a Minimum of Seven Days
Details The audit service _MUST_ be configured to require records be kept for seven days or longer before deletion, unless...Monterey – Configure Automated Flaw Remediation
Details The macOS system _MUST_ be configured to determine the state of system components with regard to flaw remediation. NOTE:...Monterey – Configure Gatekeeper to Disallow End User Override
Details Gatekeeper _MUST_ be configured with a configuration profile to prevent normal users from overriding its settings. If users are...Monterey – Configure Login Window to Prompt for Username and Password
Details The login window _MUST_ be configured to prompt all users for both a username and a password. By default,...Monterey – Configure SSH ServerAliveInterval option set to 900 or less
Details SSH _MUST_ be configured with an Active Server Alive Maximum Count set to 900 or less. Setting the Active...Monterey – Configure Sudoers to Authenticate Users on a Per -tty Basis
Details The file /etc/sudoers _MUST_ be configured to include tty_tickets. This rule ensures that the “sudo” command will prompt for...