From ce06b939f5979fb3aec8ebeefc57e1ad4ec85f19 Mon Sep 17 00:00:00 2001 From: Bob Gendler Date: Thu, 21 Sep 2023 12:25:11 -0400 Subject: [PATCH] updated baseline files --- baselines/800-53r5_high.yaml | 1 + baselines/800-53r5_low.yaml | 1 + baselines/800-53r5_moderate.yaml | 1 + baselines/all_rules.yaml | 1 + baselines/cis_lvl1_enterprise.yaml | 2 +- baselines/cis_lvl2_byod.yaml | 2 +- baselines/ios_stig.yaml | 71 ------------------------------ baselines/ios_stig_byoad.yaml | 47 -------------------- 8 files changed, 6 insertions(+), 120 deletions(-) delete mode 100644 baselines/ios_stig.yaml delete mode 100644 baselines/ios_stig_byoad.yaml diff --git a/baselines/800-53r5_high.yaml b/baselines/800-53r5_high.yaml index b1f7af8e6..46ab64a23 100644 --- a/baselines/800-53r5_high.yaml +++ b/baselines/800-53r5_high.yaml @@ -37,6 +37,7 @@ profile: - os_authentication_password_autofill_enable - os_auto_unlock_disable - os_diagnostics_reports_disable + - os_disallow_enterprise_app_trust - os_erase_contents_and_settings_disable - os_files_network_drive_access_disable - os_files_usb_drive_access_disable diff --git a/baselines/800-53r5_low.yaml b/baselines/800-53r5_low.yaml index 57c960f77..1330d40d2 100644 --- a/baselines/800-53r5_low.yaml +++ b/baselines/800-53r5_low.yaml @@ -35,6 +35,7 @@ profile: - os_application_allow_list - os_authentication_password_autofill_enable - os_diagnostics_reports_disable + - os_disallow_enterprise_app_trust - os_erase_contents_and_settings_disable - os_find_my_friends_disable - os_force_date_and_time_enable diff --git a/baselines/800-53r5_moderate.yaml b/baselines/800-53r5_moderate.yaml index 4ce4b46fc..cf6e6f3b2 100644 --- a/baselines/800-53r5_moderate.yaml +++ b/baselines/800-53r5_moderate.yaml @@ -37,6 +37,7 @@ profile: - os_authentication_password_autofill_enable - os_auto_unlock_disable - os_diagnostics_reports_disable + - os_disallow_enterprise_app_trust - os_erase_contents_and_settings_disable - os_files_network_drive_access_disable - os_files_usb_drive_access_disable diff --git a/baselines/all_rules.yaml b/baselines/all_rules.yaml index 8040eb8d3..f58fb6e98 100644 --- a/baselines/all_rules.yaml +++ b/baselines/all_rules.yaml @@ -37,6 +37,7 @@ profile: - os_authentication_password_autofill_enable - os_auto_unlock_disable - os_diagnostics_reports_disable + - os_disallow_enterprise_app_trust - os_enterprise_books_disable - os_erase_contents_and_settings_disable - os_files_network_drive_access_disable diff --git a/baselines/cis_lvl1_enterprise.yaml b/baselines/cis_lvl1_enterprise.yaml index 71882a950..c44506d5e 100644 --- a/baselines/cis_lvl1_enterprise.yaml +++ b/baselines/cis_lvl1_enterprise.yaml @@ -49,4 +49,4 @@ profile: - section: "Supplemental" rules: - supplemental_cis_manual - - supplemental_controls + - supplemental_controls \ No newline at end of file diff --git a/baselines/cis_lvl2_byod.yaml b/baselines/cis_lvl2_byod.yaml index 5ae902433..6e8a48fa7 100644 --- a/baselines/cis_lvl2_byod.yaml +++ b/baselines/cis_lvl2_byod.yaml @@ -41,4 +41,4 @@ profile: - section: "Supplemental" rules: - supplemental_cis_manual - - supplemental_controls + - supplemental_controls \ No newline at end of file diff --git a/baselines/ios_stig.yaml b/baselines/ios_stig.yaml deleted file mode 100644 index 055ddc2a2..000000000 --- a/baselines/ios_stig.yaml +++ /dev/null @@ -1,71 +0,0 @@ -title: "iOS/iPadOS 16.0: Security Configuration - Apple iOS/iPadOS 16 STIG - Ver 1, Rel 2" -description: | - This guide describes the actions to take when securing a iOS/iPadOS 16.0 system against the Apple iOS/iPadOS 16 STIG - Ver 1, Rel 2 security baseline. -authors: | - *macOS Security Compliance Project* - - |=== - |Dan Brodjieski|National Aeronautics and Space Administration - |Allen Golbig|Jamf - |Bob Gendler|National Institute of Standards and Technology - |=== -parent_values: "ios_stig" -profile: - - section: "icloud" - rules: - - icloud_backup_disabled - - icloud_managed_apps_store_data_disabled - - icloud_photo_stream_disable - - icloud_photos_disable - - icloud_shared_photo_stream_disable - - icloud_sync_disable - - section: "ios" - rules: - - os_airdrop_disable - - os_airdrop_unmanaged_destination_enable - - os_airplay_password_require - - os_allow_contacts_read_managed_sources_unmanaged_destinations_disable - - os_allow_contacts_write_managed_sources_unmanaged_destinations_disable - - os_allow_documents_managed_sources_unmanaged_destinations_disable - - os_apple_watch_pairing_disable - - os_apple_watch_wrist_detection_enable - - os_application_allow_list - - os_auto_unlock_disable - - os_diagnostics_reports_disable - - os_enterprise_books_disable - - os_files_usb_drive_access_disable - - os_find_my_friends_disable - - os_force_encrypted_backups_enable - - os_handoff_disable - - os_install_vpn_configuration_disable - - os_limit_ad_tracking_enable - - os_mail_maildrop_disable - - os_mail_move_messages_disable - - os_new_device_proximity_disable - - os_on_device_dictation_enforce - - os_on_device_translation_enforce - - os_password_autofill_disable - - os_password_proximity_disable - - os_password_sharing_disable - - os_require_managed_pasteboard_enforce - - os_safari_password_autofill_disable - - os_share_location_data_disable - - os_show_calendar_lock_screen_disable - - os_show_notification_center_lock_screen_disable - - os_siri_when_locked_disabled - - os_ssl_for_exchange_activesync_enable - - os_supervised_mdm_require - - os_usb_accessories_when_locked_disable - - os_voice_dialing_when_locked_disabled - - section: "passwordpolicy" - rules: - - pwpolicy_account_lockout_enforce - - pwpolicy_force_pin_enable - - pwpolicy_max_grace_period_enforce - - pwpolicy_max_inactivity_enforce - - pwpolicy_minimum_length_enforce - - pwpolicy_simple_sequence_disable - - section: "Supplemental" - rules: - - supplemental_controls - - supplemental_stig diff --git a/baselines/ios_stig_byoad.yaml b/baselines/ios_stig_byoad.yaml deleted file mode 100644 index 5244c0351..000000000 --- a/baselines/ios_stig_byoad.yaml +++ /dev/null @@ -1,47 +0,0 @@ -title: "iOS/iPadOS 16.0: Security Configuration - Apple iOS/iPadOS 16 BYOAD STIG - Ver 1, Rel 1" -description: | - This guide describes the actions to take when securing a iOS/iPadOS 16.0 system against the Apple iOS/iPadOS 16 BYOAD STIG - Ver 1, Rel 1 security baseline. -authors: | - *macOS Security Compliance Project* - - |=== - |Dan Brodjieski|National Aeronautics and Space Administration - |Allen Golbig|Jamf - |Bob Gendler|National Institute of Standards and Technology - |=== -parent_values: "ios_stig_byoad" -profile: - - section: "icloud" - rules: - - icloud_managed_apps_store_data_disabled - - section: "ios" - rules: - - os_airdrop_unmanaged_destination_enable - - os_airplay_password_require - - os_allow_contacts_read_managed_sources_unmanaged_destinations_disable - - os_allow_contacts_write_managed_sources_unmanaged_destinations_disable - - os_allow_documents_managed_sources_unmanaged_destinations_disable - - os_allow_documents_unmanaged_sources_managed_destinations_disable - - os_apple_watch_wrist_detection_enable - - os_application_allow_list - - os_diagnostics_reports_disable - - os_enterprise_books_disable - - os_force_encrypted_backups_enable - - os_install_vpn_configuration_disable - - os_mail_move_messages_disable - - os_require_managed_pasteboard_enforce - - os_show_calendar_lock_screen_disable - - os_show_notification_center_lock_screen_disable - - os_ssl_for_exchange_activesync_enable - - section: "passwordpolicy" - rules: - - pwpolicy_account_lockout_enforce - - pwpolicy_force_pin_enable - - pwpolicy_max_grace_period_enforce - - pwpolicy_max_inactivity_enforce - - pwpolicy_minimum_length_enforce - - pwpolicy_simple_sequence_disable - - section: "Supplemental" - rules: - - supplemental_controls - - supplemental_stig