III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000378-GPOS-00163
Group -
The macOS system must authorize USB devices before allowing connection.
USB devices connected to a Mac must be authorized. [IMPORTANT] ==== This feature is removed if a smart card is paired or smart card attribute mapping is configured. ====Rule Medium Severity -
SRG-OS-000445-GPOS-00199
Group -
The macOS system must ensure secure boot level set to full.
The Secure Boot security setting must be set to full. Full security is the default Secure Boot setting in macOS. During startup, when Secure Boot is set to full security, the Mac will verify the i...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The macOS system must enforce enrollment in mobile device management.
Users must enroll their Mac in a Mobile Device Management (MDM) software. User Approved MDM (UAMDM) enrollment or enrollment via Apple Business Manager (ABM)/Apple School Manager (ASM) is required...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The macOS system must enable recovery lock.
A recovery lock password must be enabled and set. Single user mode, recovery mode, the Startup Manager, and several other tools are available on macOS by holding down specific key combinations dur...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automatically.
Software Update must be configured to update XProtect Remediator and Gatekeeper automatically. This setting enforces definition updates for XProtect Remediator and Gatekeeper; with this setting in...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.