Commit c9be11a

refactor[rules] 1.0 -> 2.0 merge
Updated rules.
1 parent b959925 commit c9be11a

52 files changed

Lines changed: 172 additions & 53 deletions

src/mscp/data/rules/os/os_airprint_credential_storage_disable.yaml

Lines changed: 2 additions & 0 deletions
@@ -7,6 +7,8 @@ references:
77
cce:
88
ios_26:
99
- CCE-95641-7
10+
ios_18:
11+
- CCE-94527-9
1012
800-53r5:
1113
- CM-6
1214
disa:
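
Review bot: on new lines 10-11, `ios_18` is inserted after `ios_26` under `cce:`, so the platform keys are not in ascending version order. If these rule files are regenerated or key-sorted by tooling, pick one order and apply it across the files in this commit (the same insertion appears in os_automatic_app_download_disable.yaml) so later diffs stay minimal.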

src/mscp/data/rules/os/os_anti_virus_installed.yaml

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,8 @@ references:
1818
- CCI-000366
1919
bzk:
2020
bio:
21-
- 8.07.01
22-
- 8.07.03
23-
- 8.07.04
24-
- 8.19.01
21+
- 8.07
22+
- 8.19
2523
cis:
2624
benchmark:
2725
macos_26:
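
Review bot: the new `bio:` entries on lines 21-22 (`- 8.07`, `- 8.19`) are unquoted, so a YAML loader resolves them as floats, whereas the removed values such as `8.07.01` were strings. Any consumer that compares these as strings now sees a different type, and a control number with a trailing zero would be shortened on load. Quote them (`- '8.07'`), as the rule files already do for `'26.0'` under `platforms:`. The same applies to the other `bio:` edits in this commit (`5.16`, `8.27`, `8.12`). Collapsing four sub-control references into two parent references also loses mapping detail; the commit message should say that this is intended.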

src/mscp/data/rules/os/os_authenticated_root_enable.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ references:
4545
- SC.L2-3.13.11
4646
bzk:
4747
bio:
48-
- 5.16.02
48+
- 5.16
4949
hhs:
5050
hicp:
5151
- 2.L.A

src/mscp/data/rules/os/os_authentication_password_autofill_enable.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ references:
3030
- ANNEX K
3131
bzk:
3232
bio:
33-
- 8.27 - 3.3
33+
- 8.27
3434
cis:
3535
benchmark:
3636
ios_26:
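
Review bot: the removed value on line 33, `8.27 - 3.3`, carried a second component (`3.3`) that the replacement `8.27` drops, and nothing else in this hunk records it. If that suffix identified a sub-measure, state in the commit message why it is no longer referenced or where it moved, so the mapping change is auditable.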

src/mscp/data/rules/os/os_automatic_app_download_disable.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@ references:
77
cce:
88
ios_26:
99
- CCE-95654-0
10+
ios_18:
11+
- CCE-94528-7
1012
800-53r5:
1113
- CM-7
1214
- CM-7(1)

src/mscp/data/rules/os/os_background_security_improvement_install_enable.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ references:
66
nist:
77
cce:
88
ios_26:
9-
- CCE-NA
9+
- CCE-96728-1
1010
bzk:
1111
bio:
1212
- 8.08

src/mscp/data/rules/os/os_background_security_improvement_removal_disable.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ references:
66
nist:
77
cce:
88
ios_26:
9-
- CCE-NA
9+
- CCE-96729-9
1010
bzk:
1111
bio:
1212
- 8.08
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
id: os_external_apfs_hfs_volumes_encrypted
2+
title: Ensure All APFS and HFS+ External User Storage Volumes Are Encrypted
3+
discussion: |
4+
All APFS and HFS+ external user storage volumes _MUST_ be encrypted.
5+
6+
While FileVault protects the boot volume, data may be copied to attached external storage and reduce the protection afforded by FileVault. All external user data volumes (APFS or HFS+) _MUST_ be encrypted to protect user data from loss or tampering. CoreStorage has been deprecated and replaced with APFS for volume encryption.
7+
references:
8+
nist:
9+
cce:
10+
macos_26:
11+
- CCE-96724-0
12+
cis:
13+
benchmark:
14+
macos_26:
15+
- 5.3.2 (level 1)
16+
controls_v8:
17+
- 3.6
18+
- 3.11
19+
- 13.6
20+
- 14.8
21+
platforms:
22+
macOS:
23+
'26.0':
24+
benchmarks:
25+
- name: cis_lvl1
26+
- name: cis_lvl2
27+
enforcement_info:
28+
check:
29+
shell: |-
30+
fail=$(/usr/sbin/diskutil list external | /usr/bin/grep -E "APFS Volume|Apple_HFS|Logical Volume" | /usr/bin/awk '{print $NF}' | /usr/bin/xargs -n1 /usr/sbin/diskutil info 2>/dev/null | /usr/bin/awk '
31+
/Volume Name:/{name=$0; sub(/^[ \t]*Volume Name:[ \t]*/,"",name)}
32+
/FileVault:/{
33+
if ($2=="No") {
34+
if (list=="") list=name; else list=list ", " name
35+
}
36+
}
37+
END{print list}')
38+
if [ -z "$fail" ]; then
39+
/bin/echo "Yes"
40+
else
41+
/bin/echo "Unencrypted external volumes: $fail"
42+
fi
43+
result:
44+
string: 'Yes'
45+
fix:
46+
additional_info: |-
47+
Use Disk Utility to erase a user disk and format as APFS (Encrypted).
48+
49+
NOTE: It is recommended using APFS over HFS+ where possible. If you do need to use an HFS+/CoreStorage external drive for compatibility reasons, you need to format the drive to MacOS Extended (Journaled) (or MacOS Extended (Case-Sensitive, Journaled) if Case-Sensitive is required).
50+
tags:
51+
- cisv8
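
Review bot: the check on lines 30-37 fails open. A volume is added to `list` only when its `diskutil info` output contains a `FileVault:` line whose second field is `No`, so a volume whose output has no `FileVault:` line, or whose `diskutil info` call errors (stderr is sent to `/dev/null`), leaves `fail` empty and the rule reports `Yes`. Invert the logic so that every listed volume must positively show an encrypted state to pass, and reset `name` for each volume so that a missing `Volume Name:` line cannot reuse the previous volume's name in the report. Separately, the NOTE on line 49 tells HFS+ users to format as `MacOS Extended (Journaled)`, which names no encrypted variant and so contradicts the rule's own requirement that the volume be encrypted.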

src/mscp/data/rules/os/os_external_intelligence_integration_sign_in_disable.yaml

Lines changed: 0 additions & 1 deletion
@@ -43,7 +43,6 @@ references:
4343
bzk:
4444
bio:
4545
- 8.12
46-
- 8.12.01
4746
cis:
4847
benchmark:
4948
ios_26:

src/mscp/data/rules/os/os_external_storage_access_defined.yaml

Lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@ references:
2121
- MP.L2-3.8.8
2222
bzk:
2323
bio:
24-
- 8.12.01
24+
- 8.12
2525
platforms:
2626
macOS:
2727
'26.0':
