Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000205-GPOS-00083

    <GroupDescription></GroupDescription>
    Group
  • The macOS system must configure system log files to mode 640 or less permissive.

    &lt;VulnDiscussion&gt;The system logs must be configured to be writable by root and readable only by the root user and group wheel. To achieve this...
    Rule Medium Severity
  • SRG-OS-000341-GPOS-00132

    <GroupDescription></GroupDescription>
    Group
  • The macOS system must configure install.log retention to 365.

    &lt;VulnDiscussion&gt;The install.log must be configured to require that records be kept for an organizational-defined value before deletion, unles...
    Rule Low Severity
  • SRG-OS-000051-GPOS-00024

    <GroupDescription></GroupDescription>
    Group
  • The macOS system must ensure System Integrity Protection is enabled.

    &lt;VulnDiscussion&gt;System Integrity Protection is vital to protecting the integrity of the system as it prevents malicious users and software fr...
    Rule High Severity
  • SRG-OS-000185-GPOS-00079

    <GroupDescription></GroupDescription>
    Group
  • The macOS system must enforce FileVault.

    &lt;VulnDiscussion&gt;The information system implements cryptographic mechanisms to protect the confidentiality and integrity of information stored...
    Rule High Severity
  • SRG-OS-000480-GPOS-00232

    <GroupDescription></GroupDescription>
    Group
  • The macOS system must enable macOS Application Firewall.

    &lt;VulnDiscussion&gt;The macOS Application Firewall is the built-in firewall that comes with macOS, and it must be enabled. When the macOS Applic...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules