CIS Apple OSX 10.9 Benchmark
Total Page:16
File Type:pdf, Size:1020Kb
CIS Apple OSX 10.9 Benchmark v1.3.0 - 11-04-2016 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License. The link to the license terms can be found at https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode To further clarify the Creative Commons license related to CIS Benchmark content, you are authorized to copy and redistribute the content for use by you, within your organization and outside your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, (ii) a link to the license is provided. Additionally, if you remix, transform or build upon the CIS Benchmark(s), you may only distribute the modified materials if they are subject to the same license terms as the original Benchmark license and your derivative will no longer be a CIS Benchmark. Commercial use of CIS Benchmarks is subject to the prior approval of the Center for Internet Security. 1 | P a g e Table of Contents Overview .................................................................................................................................................................. 7 Intended Audience ........................................................................................................................................... 7 Consensus Guidance ........................................................................................................................................ 7 Typographical Conventions ......................................................................................................................... 8 Scoring Information ........................................................................................................................................ 8 Profile Definitions ............................................................................................................................................ 9 Acknowledgements ...................................................................................................................................... 10 Recommendations ............................................................................................................................................. 11 1 Install Updates, Patches and Additional Security Software ...................................................... 11 1.1 Verify all Apple provided software is current (Scored) ................................................ 11 1.2 Enable Auto Update Checks (Scored) ................................................................................... 13 1.3 Enable app update installs (Scored) ..................................................................................... 15 1.4 Enable system data files and security update installs (Scored) ................................. 17 2 System Preferences ................................................................................................................................... 18 2.1 Bluetooth .............................................................................................................................................. 19 2.1.1 Turn off Bluetooth, if no paired devices exist (Scored) ............................................. 19 2.1.2 Turn off Bluetooth "Discoverable" mode when not pairing devices (Scored) .. 21 2.1.3 Show Bluetooth status in menu bar (Scored) ................................................................ 22 2.2 Date & Time ......................................................................................................................................... 23 2.2.1 Enable "Set time and date automatically" (Not Scored) ............................................ 23 2.2.2 Ensure time set is within appropriate limits (Scored) ............................................... 25 2.2.3 Restrict NTP server to loopback interface (Scored) ................................................... 27 2.3 Desktop & Screen Saver .................................................................................................................. 29 2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver (Scored) . 29 2.3.2 Secure screen saver corners (Scored) .............................................................................. 31 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver (Not Scored) ..................................................................................................................................................................... 32 2 | P a g e 2.3.4 Set a screen corner to Start Screen Saver (Scored) ..................................................... 34 2.4 Sharing................................................................................................................................................... 35 2.4.1 Disable Remote Apple Events (Scored) ............................................................................ 35 2.4.2 Disable Internet Sharing (Scored) ...................................................................................... 36 2.4.3 Disable Screen Sharing (Scored) ......................................................................................... 37 2.4.4 Disable Printer Sharing (Scored) ........................................................................................ 38 2.4.5 Disable Remote Login (Scored) ........................................................................................... 39 2.4.6 Disable DVD or CD Sharing (Scored) ................................................................................. 41 2.4.7 Disable Bluetooth Sharing (Scored) .................................................................................. 42 2.4.8 Disable File Sharing (Scored) ............................................................................................... 43 2.4.9 Disable Remote Management (Scored) ............................................................................ 45 2.5 Energy Saver ....................................................................................................................................... 47 2.5.1 Disable "Wake for network access" (Scored) ................................................................ 47 2.5.2 Disable sleeping the computer when connected to power (Scored) .................... 49 2.6 Security & Privacy ............................................................................................................................. 51 2.6.1 Enable FileVault (Scored) ...................................................................................................... 51 2.6.2 Enable Gatekeeper (Scored) ................................................................................................. 52 2.6.3 Enable Firewall (Scored) ....................................................................................................... 53 2.6.4 Enable Firewall Stealth Mode (Scored) ............................................................................ 55 2.6.5 Review Application Firewall Rules (Scored).................................................................. 57 2.6.6 Enable Location Services (Not Scored) ............................................................................ 59 2.6.7 Monitor Location Services Access (Not Scored) ........................................................... 61 2.7 iCloud ..................................................................................................................................................... 63 2.7.1 iCloud configuration (Not Scored) ..................................................................................... 63 2.7.2 iCloud keychain (Not Scored) .............................................................................................. 65 2.8 Time Machine ..................................................................................................................................... 66 2.8.1 Time Machine Auto-Backup (Scored) ............................................................................... 66 2.8.2 Time Machine Volumes Are Encrypted (Not Scored) ................................................. 69 2.9 Pair the remote control infrared receiver if enabled (Scored) ................................... 71 2.10 Enable Secure Keyboard Entry in terminal.app (Scored) .......................................... 73 3 | P a g e 2.11 Java 6 is not the default Java runtime (Scored) .............................................................. 74 2.12 Configure Secure Empty Trash (Scored) .......................................................................... 75 3 Logging and Auditing ............................................................................................................................... 76 3.1 Configure asl.conf .............................................................................................................................. 77 3.1.1 Retain system.log for 90 or more days (Scored) .......................................................... 77 3.1.2 Retain appfirewall.log for 90 or more days (Scored) ................................................. 79 3.1.3 Retain authd.log for 90 or more days (Scored) ............................................................. 81 3.2 Enable security auditing (Scored) ......................................................................................... 83 3.3 Configure Security Auditing Flags (Scored) ......................................................................