Download
| Alert*
|
oval:org.secpod.oval:def:80480
Automatically checking for updates makes it easier for the user to know when updates are available. It is important that a system has the newest updates applied to prevent unauthorized persons from exploiting identified vulnerabilities. oval:org.secpod.oval:def:80514 Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to chang ... oval:org.secpod.oval:def:80533 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:80512 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that deter ... oval:org.secpod.oval:def:80538 Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and p ... oval:org.secpod.oval:def:80531 The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one fact ... oval:org.secpod.oval:def:80496 The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. oval:org.secpod.oval:def:80509 The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network. oval:org.secpod.oval:def:80545 When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk. oval:org.secpod.oval:def:80526 Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints. oval:org.secpod.oval:def:80504 The system must allow only applications downloaded from the App Store to run. Gatekeeper settings must be configured correctly to only allow the system to run applications downloaded from the Mac App Store. Administrator users will still have the option to override these settings on a per app basis. ... oval:org.secpod.oval:def:80527 Controls whether inactivity logs out a user and, if so, how many minutes are required to trigger logout. In .GlobalPreferences.plist, delete the AutoLogoutDelay key to disable inactivity logout. oval:org.secpod.oval:def:80482 This setting allows macOS updates to be installed automatically once they are available from Apple. Because patches need to be applied as soon as possible, allowing for automatic updates ensures that the users device is updated in a timely manner rather than be left vulnerable to additional security ... oval:org.secpod.oval:def:80485 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... |
