Apple macOS 14 (Sonoma) Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The macOS system must configure sudoers timestamp type.
<VulnDiscussion>The file /etc/sudoers must be configured to not include a timestamp_type of global or ppid and be configured for timestamp re...Rule Medium Severity -
SRG-OS-000051-GPOS-00024
<GroupDescription></GroupDescription>Group -
The macOS system must ensure System Integrity Protection is enabled.
<VulnDiscussion>System Integrity Protection (SIP) must be enabled. SIP is vital to protecting the integrity of the system as it prevents mal...Rule High Severity -
SRG-OS-000185-GPOS-00079
<GroupDescription></GroupDescription>Group -
The macOS system must enforce FileVault.
<VulnDiscussion>FileVault must be enforced. The information system implements cryptographic mechanisms to protect the confidentiality and in...Rule High Severity -
SRG-OS-000480-GPOS-00232
<GroupDescription></GroupDescription>Group -
The macOS system must enable the application firewall.
<VulnDiscussion>The macOS Application Firewall is the built-in firewall that comes with macOS, and it must be enabled. When the macOS Applic...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
<GroupDescription></GroupDescription>Group -
The macOS system must configure login window to prompt for username and password.
<VulnDiscussion>The login window must be configured to prompt all users for both a username and a password. By default, the system displays ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules