Apple macOS 14 (Sonoma) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The macOS system must disable Erase Content and Settings.
Erase Content and Settings must be disabled.Rule Medium Severity -
The macOS system must prohibit user installation of software into /users/.
Users must not be allowed to install software into /users/. Allowing users who do not possess explicit privileges to install software presents the risk of untested and potentially malicious softwa...Rule Medium Severity -
The macOS system must authorize USB devices before allowing connection.
USB devices connected to a Mac must be authorized. [IMPORTANT] ==== This feature is removed if a smart card is paired or smart card attribute mapping is configured. ====Rule Medium Severity -
The macOS system must ensure secure boot level set to full.
The Secure Boot security setting must be set to full. Full security is the default Secure Boot setting in macOS. During startup, when Secure Boot is set to full security, the Mac will verify the i...Rule Medium Severity -
The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automatically.
Software Update must be configured to update XProtect Remediator and Gatekeeper automatically. This setting enforces definition updates for XProtect Remediator and Gatekeeper; with this setting in...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules