[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251625

 
 

909

 
 

196370

 
 

282

 
 
Paid content will be excluded from the download.

Filter
Matches : 30476 Download | Alert*

The macOS built-in Photos.app connection to Apple's iCloud service must be disabled. Apple's iCloud service does not provide an organization with enough control over the storage and access of data and, therefore, automated photo synchronization must be controlled by an organization approved service. Audit: Verify the macOS system is configured to disable the iCloud Photo Library with the ...

The login window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users on the login window, which can make it easier for a malicious user to gain access to someone else's account. Requiring users to type in both their username and password mitigates the risk of unauthorized users gaining access to the information system. ...

The system log files must be owned by root. System logs contain sensitive data about the system and users. If log files are set to only be readable and writable by system administrators, the risk is mitigated. Audit: Verify the macOS system is configured with system log files owned by root and group to wheel with the following command: /usr/bin/stat -f '%Su:%Sg:%N' $(/usr/bin/grep - ...

Auto logout must be configured to automatically terminate a user session and log out the after 86400 seconds of inactivity. Note:The maximum that macOS can be configured for autologoff is 86400 seconds. NOTE: The automatic logout may cause disruptions to an organization's workflow and/or loss of data. Information system security officers (ISSOs) are advised to first fully weigh the potential ris ...

Disabling Apple watches is a necessary step to ensuring that the information system retains a session lock until the user reestablishes access using authorized identification and authentication procedures. Audit: Verify the macOS system is configured to prevent Apple Watch from terminating a session lock with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserD ...

The system must disable account modification. Account modification includes adding additional or modifying internet accounts in Apple Mail, Calendar, Contacts, in the Internet Account System Setting Pane, or the AppleID System Setting Pane. This prevents the addition of unauthorized accounts. NOTE: Some organizations may allow the use and configuration of the built-in Mail.app, Calendar.app, and ...

Password Autofill must be disabled. macOS allows users to save passwords and use the Password Autofill feature in Safari and compatible apps. To protect against malicious users gaining access to the system, this feature must be disabled to prevent users from being prompted to save passwords in applications. Audit: Verify the macOS system is configured to disable password autofill with the ...

The ability for Apple to store and review audio of Siri and Dictation interactions must be disabled. The information system must be configured to provide only essential capabilities. Disabling the submission of Siri and Dictation information will mitigate the risk of unwanted data being sent to Apple. Audit: Verify the macOS system is configured to disable sending Siri and Dictation info ...

Dictation must be disabled on Intel-based Macs as the feature On Device Dictation is only available on Apple Silicon devices. Audit: For Apple Silicon-based systems, this is not applicable. Verify the macOS system is configured to disable dictation with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationac ...

Smart card authentication must be enforced. The use of smart card credentials facilitates standardization and reduces the risk of unauthorized access. When enforceSmartCard is set to "true", the smart card must be used for logon, authorization, and unlocking the screensaver. CAUTION:enforceSmartCard will apply to the whole system. No users will be able to log on with their password unle ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   3047

© SecPod Technologies