claude/fix-cis-shebang-NTw1M (#43681)

When importing CIS benchmark content for multiple OS versions into a
single
Fleet team via GitOps, users encounter several hard validation failures
because
Fleet enforces uniqueness on script basenames, mobileconfig
PayloadDisplayName /
PayloadIdentifier, and policy name fields.

Changes (all confined to docs/solutions/cis/):
- Fix #!/usr/bin/env bash shebang in CIS_2.6.7.sh (macOS 13/14/15) ->
#!/bin/bash
- Prefix script filenames with OS slug (macos13-, macos14-, macos15-,
win10-,
  win11-, win11-intune-) to prevent basename collisions
- Prefix mobileconfig PayloadDisplayName with OS tag ([macOS 13] etc.),
which
  is the field Fleet uses for identity
- Prefix mobileconfig PayloadIdentifier with an OS slug so identifiers
stay
  unique across versions
- Prefix every policy name: field with the OS tag; preserve original
YAML
formatting (plain, single-quoted with '' escapes, and folded block
scalars)
- Rename Windows XML profiles with win10-, win11-, and win11-intune-
prefixes

None of these changes affect the security logic or coverage of the
benchmarks.
They only make the content importable without manual intervention.

Co-authored-by: Claude <noreply@anthropic.com>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Auto Update Is Enabled</string>
+	<string>[macOS 13] Ensure Auto Update Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.2</string>
+	<string>com.fleetdm.macos13.cis-1.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Download New Updates When Available Is Enabled</string>
+	<string>[macOS 13] Ensure Download New Updates When Available Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.3</string>
+	<string>com.fleetdm.macos13.cis-1.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.4.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install of macOS Updates Is Enabled</string>
+	<string>[macOS 13] Ensure Install of macOS Updates Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.4</string>
+	<string>com.fleetdm.macos13.cis-1.4</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.5.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install Application Updates from the App Store Is Enabled</string>
+	<string>[macOS 13] Ensure Install Application Updates from the App Store Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.5</string>
+	<string>com.fleetdm.macos13.cis-1.5</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.6.mobileconfig

@@ -22,9 +22,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install Security Responses and System Files Is Enabled</string>
+	<string>[macOS 13] Ensure Install Security Responses and System Files Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.6</string>
+	<string>com.fleetdm.macos13.cis-1.6</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-1.7.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
+	<string>[macOS 13] Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
 	<key>PayloadIdentifier</key>
-	<string>com.zwass.cis-1.7</string>
+	<string>macos13.com.zwass.cis-1.7</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.1.1.1-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure iCloud Keychain is enabled</string>
+	<string>[macOS 13] Ensure iCloud Keychain is enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.1-enable</string>
+	<string>com.fleetdm.macos13.cis-2.1.1.1-enable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.1.1.2-disable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Disable iCloud Drive storage solution usage</string>
+	<string>[macOS 13] Disable iCloud Drive storage solution usage</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.2-disable</string>
+	<string>com.fleetdm.macos13.cis-2.1.1.2-disable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.1.1.2-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Enable iCloud Drive storage solution usage</string>
+	<string>[macOS 13] Enable iCloud Drive storage solution usage</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.2-enable</string>
+	<string>com.fleetdm.macos13.cis-2.1.1.2-enable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.1.1.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
+	<string>[macOS 13] Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.3</string>
+	<string>com.fleetdm.macos13.cis-2.1.1.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.10.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure a Custom Message for the Login Screen Is Enabled</string>
+	<string>[macOS 13] Ensure a Custom Message for the Login Screen Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.10.3</string>
+	<string>com.fleetdm.macos13.cis-2.10.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.12.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Automatic Login Is Disabled</string>
+	<string>[macOS 13] Ensure Automatic Login Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.12.3</string>
+	<string>com.fleetdm.macos13.cis-2.12.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.2.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Firewall Is Enabled</string>
+	<string>[macOS 13] Ensure Firewall Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.2.1</string>
+	<string>com.fleetdm.macos13.cis-2.2.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.2.2.mobileconfig

@@ -22,9 +22,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Firewall Stealth Mode Is Enabled</string>
+	<string>[macOS 13] Ensure Firewall Stealth Mode Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.2.2</string>
+	<string>com.fleetdm.macos13.cis-2.2.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.3.1.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure AirDrop Is Disabled</string>
+	<string>[macOS 13] Ensure AirDrop Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.3.1.1</string>
+	<string>com.fleetdm.macos13.cis-2.3.1.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.3.1.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure AirPlay Receiver Is Disabled</string>
+	<string>[macOS 13] Ensure AirPlay Receiver Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.3.1.2</string>
+	<string>com.fleetdm.macos13.cis-2.3.1.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.3.2.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Set Time and Date Automatically Is Enabled</string>
+	<string>[macOS 13] Ensure Set Time and Date Automatically Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.3.2.1</string>
+	<string>com.fleetdm.macos13.cis-2.3.2.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.3.3.10.mobileconfig

@@ -24,9 +24,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Media Sharing is Disabled</string>
+	<string>[macOS 13] Ensure Media Sharing is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.3.3.10</string>
+	<string>com.fleetdm.macos13.cis-2.3.3.10</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.3.3.9.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Content Caching Is Disabled</string>
+	<string>[macOS 13] Ensure Content Caching Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.3.3.9</string>
+	<string>com.fleetdm.macos13.cis-2.3.3.9</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.4.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Show Wi-Fi status in Menu Bar Is Enabled</string>
+	<string>[macOS 13] Ensure Show Wi-Fi status in Menu Bar Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.4.1</string>
+	<string>com.fleetdm.macos13.cis-2.4.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.4.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Show Bluetooth Status in Menu Bar Is Enabled</string>
+	<string>[macOS 13] Ensure Show Bluetooth Status in Menu Bar Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.4.2</string>
+	<string>com.fleetdm.macos13.cis-2.4.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.5.1-disable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Disable Siri</string>
+	<string>[macOS 13] Disable Siri</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.5.1-disable</string>
+	<string>com.fleetdm.macos13.cis-2.5.1-disable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.5.1-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Enable Siri</string>
+	<string>[macOS 13] Enable Siri</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.5.1-enable</string>
+	<string>com.fleetdm.macos13.cis-2.5.1-enable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.1.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Location Services Is Enabled</string>
+	<string>[macOS 13] Ensure Location Services Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.1.1</string>
+	<string>com.fleetdm.macos13.cis-2.6.1.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.2-part1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 1)</string>
+	<string>[macOS 13] Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 1)</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.2-part1</string>
+	<string>com.fleetdm.macos13.cis-2.6.2-part1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.2-part2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 2)</string>
+	<string>[macOS 13] Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 2)</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.2-part2</string>
+	<string>com.fleetdm.macos13.cis-2.6.2-part2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.2-part3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 3)</string>
+	<string>[macOS 13] Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 3)</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.2-part3</string>
+	<string>com.fleetdm.macos13.cis-2.6.2-part3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Limit Ad Tracking Is Enabled</string>
+	<string>[macOS 13] Ensure Limit Ad Tracking Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.3</string>
+	<string>com.fleetdm.macos13.cis-2.6.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.4.mobileconfig

@@ -22,9 +22,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Gatekeeper Is Enabled</string>
+	<string>[macOS 13] Ensure Gatekeeper Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.4</string>
+	<string>com.fleetdm.macos13.cis-2.6.4</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.6.5.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure FileVault Is Enabled</string>
+	<string>[macOS 13] Ensure FileVault Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.6.5</string>
+	<string>com.fleetdm.macos13.cis-2.6.5</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.8.1-disable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Universal Control is disabled</string>
+	<string>[macOS 13] Ensure Universal Control is disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.8.1-disabled</string>
+	<string>com.fleetdm.macos13.cis-2.8.1-disabled</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-2.8.1-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Universal Control is enabled</string>
+	<string>[macOS 13] Ensure Universal Control is enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.8.1-enabled</string>
+	<string>com.fleetdm.macos13.cis-2.8.1-enabled</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-3.6.mobileconfig

@@ -24,9 +24,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Firewall Logging Is Enabled and Configured</string>
+	<string>[macOS 13] Ensure Firewall Logging Is Enabled and Configured</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-3.6</string>
+	<string>com.fleetdm.macos13.cis-3.6</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-4.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Bonjour Advertising Services Is Disabled</string>
+	<string>[macOS 13] Ensure Bonjour Advertising Services Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-4.1</string>
+	<string>com.fleetdm.macos13.cis-4.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.1.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Password Account Lockout Threshold Is Configured</string>
+	<string>[macOS 13] Ensure Password Account Lockout Threshold Is Configured</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.1</string>
+	<string>com.fleetdm.macos13.cis-5.2.1</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Password Minimum Length Is Configured</string>
+	<string>[macOS 13] Ensure Password Minimum Length Is Configured</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.2</string>
+	<string>com.fleetdm.macos13.cis-5.2.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.3-and-5.2.4.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Require AlphaNumeric characters in password</string>
+	<string>[macOS 13] Require AlphaNumeric characters in password</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.3-and-5.2.4</string>
+	<string>com.fleetdm.macos13.cis-5.2.3-and-5.2.4</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.5.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Require Special characters in password</string>
+	<string>[macOS 13] Require Special characters in password</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.5</string>
+	<string>com.fleetdm.macos13.cis-5.2.5</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.7.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Password Age Is Configured</string>
+	<string>[macOS 13] Ensure Password Age Is Configured</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.7</string>
+	<string>com.fleetdm.macos13.cis-5.2.7</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-5.2.8.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Password History Is Configured</string>
+	<string>[macOS 13] Ensure Password History Is Configured</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-5.2.8</string>
+	<string>com.fleetdm.macos13.cis-5.2.8</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.3.1.mobileconfig

@@ -20,9 +20,9 @@
 		<key>PayloadDescription</key>
 		<string>test</string>
 		<key>PayloadDisplayName</key>
-		<string>Ensure Automatic Opening of Safe Files in Safari Is Disabled</string>
+		<string>[macOS 13] Ensure Automatic Opening of Safe Files in Safari Is Disabled</string>
 		<key>PayloadIdentifier</key>
-		<string>com.fleetdm.cis-6.3.1</string>
+		<string>com.fleetdm.macos13.cis-6.3.1</string>
 		<key>PayloadRemovalDisallowed</key>
 		<false/>
 		<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.3.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Audit History and Remove History Items</string>
+	<string>[macOS 13] Audit History and Remove History Items</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-6.3.2</string>
+	<string>com.fleetdm.macos13.cis-6.3.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.3.3.mobileconfig

@@ -20,9 +20,9 @@
 		<key>PayloadDescription</key>
 		<string>test</string>
 		<key>PayloadDisplayName</key>
-		<string>Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled</string>
+		<string>[macOS 13] Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled</string>
 		<key>PayloadIdentifier</key>
-		<string>com.fleetdm.cis-6.3.3</string>
+		<string>com.fleetdm.macos13.cis-6.3.3</string>
 		<key>PayloadRemovalDisallowed</key>
 		<false/>
 		<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.3.4.mobileconfig

@@ -24,9 +24,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Prevent Cross-site Tracking in Safari Is Enabled</string>
+	<string>[macOS 13] Ensure Prevent Cross-site Tracking in Safari Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-6.3.4</string>
+	<string>com.fleetdm.macos13.cis-6.3.4</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.3.7.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Show Full Website Address in Safari Is Enabled</string>
+	<string>[macOS 13] Ensure Show Full Website Address in Safari Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-6.3.7</string>
+	<string>com.fleetdm.macos13.cis-6.3.7</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-13/configuration-profiles/macos13-6.4.1.mobileconfig

@@ -20,9 +20,9 @@
 		<key>PayloadDescription</key>
 		<string>test</string>
 		<key>PayloadDisplayName</key>
-		<string>Ensure Secure Keyboard Entry Terminal.app Is Enabled</string>
+		<string>[macOS 13] Ensure Secure Keyboard Entry Terminal.app Is Enabled</string>
 		<key>PayloadIdentifier</key>
-		<string>com.fleetdm.cis-6.4.1</string>
+		<string>com.fleetdm.macos13.cis-6.4.1</string>
 		<key>PayloadRemovalDisallowed</key>
 		<false/>
 		<key>PayloadScope</key>

docs/solutions/cis/macos-13/policies/cis-policy-queries.yml

@@ -2,7 +2,7 @@
 # They are preserved for reference and for use by other tooling.
 # Affected fields: purpose, tags, contributors, platforms
 
-- name: CIS - Ensure All Apple-provided Software Is Current (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure All Apple-provided Software Is Current (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -20,7 +20,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Auto Update Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Auto Update Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that the system is configured via MDM to automatically install updates.
@@ -44,7 +44,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Download New Updates When Available Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Download New Updates When Available Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that the system is configured via MDM to automatically download updates.
@@ -68,7 +68,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Install of macOS Updates Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Install of macOS Updates Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Ensure that macOS updates are installed after they are available from Apple.
@@ -92,7 +92,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Install Application Updates from the App Store Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Install Application Updates from the App Store Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Ensure that application updates are installed after they are available from Apple.
@@ -116,7 +116,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.5
   # contributors: lucasmrod
 
-- name: CIS - Ensure XProtect Is Running and Updated
+- name: "[macOS 13] CIS - Ensure XProtect Is Running and Updated"
   # platforms: macOS
   platform: darwin
   description: |
@@ -140,7 +140,7 @@
   # tags: compliance, CIS, CIS_Level1
   # contributors: defensivedepth, getvictor
 
-- name: CIS - Ensure Install Security Responses and System Files Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Install Security Responses and System Files Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -168,7 +168,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.6
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Software Update Deferment Is Less Than or Equal to 30 Days (MDM Required)
+- name: "[macOS 13] CIS - Ensure Software Update Deferment Is Less Than or Equal to 30 Days (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -198,7 +198,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-1.7
   # contributors: lucasmrod
 
-- name: CIS - Ensure iCloud Drive storage solution is disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure iCloud Drive storage solution is disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -232,7 +232,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.1.1.2-disabled, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure iCloud Drive storage solution is enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure iCloud Drive storage solution is enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -266,7 +266,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.1.1.2-enabled, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure iCloud Keychain is disabled (if your org policy is to disable it) (MDM Required)
+- name: "[macOS 13] CIS - Ensure iCloud Keychain is disabled (if your org policy is to disable it) (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -301,7 +301,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.1.1.1-disable, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure iCloud Keychain is enabled (if your org policy is to enable it) (MDM Required)
+- name: "[macOS 13] CIS - Ensure iCloud Keychain is enabled (if your org policy is to enable it) (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -336,7 +336,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.1.1.1-enable, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure iCloud Drive Document and Desktop Sync Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure iCloud Drive Document and Desktop Sync Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Automated Document synchronization should be planned and controlled to approved storage.
@@ -365,7 +365,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.1.1.3
   # contributors: zwass
 
-- name: CIS - Ensure Firewall Is Enabled
+- name: "[macOS 13] CIS - Ensure Firewall Is Enabled"
   # platforms: macOS
   platform: darwin
   description: A firewall minimizes the threat of unauthorized users gaining access to your system while connected to a network or the Internet.
@@ -375,7 +375,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.2.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Firewall Stealth Mode Is Enabled
+- name: "[macOS 13] CIS - Ensure Firewall Stealth Mode Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -393,7 +393,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.2.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure AirDrop Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure AirDrop Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -424,7 +424,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.1.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure AirPlay Receiver Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure AirPlay Receiver Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -461,7 +461,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.1.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure Set Time and Date Automatically Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Set Time and Date Automatically Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -491,7 +491,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.2.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure the Time Service Is Enabled
+- name: "[macOS 13] CIS - Ensure the Time Service Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -505,7 +505,7 @@
   # tags: compliance, CIS, CIS_Level1
   # contributors: defensivedepth
 
-- name: CIS - Ensure Time Is Set Within Appropriate Limits (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Time Is Set Within Appropriate Limits (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -517,7 +517,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.2.2
   # contributors: lucasmrod 
 
-- name: CIS - Ensure DVD or CD Sharing Is Disabled
+- name: "[macOS 13] CIS - Ensure DVD or CD Sharing Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -544,7 +544,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.1
   # contributors: artemist-work
 
-- name: CIS - Ensure Screen Sharing Is Disabled 
+- name: "[macOS 13] CIS - Ensure Screen Sharing Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -574,7 +574,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.2
   # contributors: artemist-work
 
-- name: CIS - Ensure File Sharing Is Disabled
+- name: "[macOS 13] CIS - Ensure File Sharing Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -601,7 +601,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.3
   # contributors: artemist-work
 
-- name: CIS - Ensure Printer Sharing is Disabled
+- name: "[macOS 13] CIS - Ensure Printer Sharing is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -626,7 +626,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.4
   # contributors: artemist-work
 
-- name: CIS - Ensure Remote Login Is Disabled
+- name: "[macOS 13] CIS - Ensure Remote Login Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -656,7 +656,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.5
   # contributors: artemist-work
 
-- name: CIS - Ensure Remote Management is Disabled
+- name: "[macOS 13] CIS - Ensure Remote Management is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -681,7 +681,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.6
   # contributors: artemist-work
 
-- name: CIS - Ensure Remote Apple Events is Disabled
+- name: "[macOS 13] CIS - Ensure Remote Apple Events is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -709,7 +709,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.7
   # contributors: artemist-work
 
-- name: CIS - Ensure Internet Sharing Is Disabled
+- name: "[macOS 13] CIS - Ensure Internet Sharing Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -734,7 +734,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.8
   # contributors: artemist-work
 
-- name: CIS - Ensure Content Caching Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Content Caching Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -770,7 +770,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.3.3.9
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Bluetooth Sharing Is Disabled
+- name: "[macOS 13] CIS - Ensure Bluetooth Sharing Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -804,7 +804,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.11
   # contributors: artemist-work, getvictor
 
-- name: CIS - Ensure Media Sharing Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Media Sharing Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -857,7 +857,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.3.10
   # contributors: artemist-work
 
-- name: CIS - Ensure Backup Automatically is Enabled If Time Machine Is Enabled (FDA Required)
+- name: "[macOS 13] CIS - Ensure Backup Automatically is Enabled If Time Machine Is Enabled (FDA Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -885,7 +885,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.3.4.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled (FDA Required)
+- name: "[macOS 13] CIS - Ensure Time Machine Volumes Are Encrypted If Time Machine Is Enabled (FDA Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -919,7 +919,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.3.4.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure Show Wi-Fi status in Menu Bar Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Show Wi-Fi status in Menu Bar Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -953,7 +953,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.4.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure Show Bluetooth Status in Menu Bar Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Show Bluetooth Status in Menu Bar Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -986,7 +986,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.4.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure Siri is disabled (MDM required)
+- name: "[macOS 13] CIS - Ensure Siri is disabled (MDM required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1019,7 +1019,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1
   # contributors: sharon-fdm, getvictor
 
-- name: CIS - Ensure Siri field TypeToSiriEnabled is true (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field TypeToSiriEnabled is true (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1045,7 +1045,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-TypeToSiriEnabled-true, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field TypeToSiriEnabled is false (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field TypeToSiriEnabled is false (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1071,7 +1071,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-TypeToSiriEnabled-false, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field StatusMenuVisible is true (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field StatusMenuVisible is true (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1097,7 +1097,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-StatusMenuVisible-true, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field StatusMenuVisible is false (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field StatusMenuVisible is false (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1123,7 +1123,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-StatusMenuVisible-false, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field VoiceTriggerUserEnabled is true (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field VoiceTriggerUserEnabled is true (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1149,7 +1149,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-VoiceTriggerUserEnabled-true, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field VoiceTriggerUserEnabled is false (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field VoiceTriggerUserEnabled is false (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1175,7 +1175,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-VoiceTriggerUserEnabled-false, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field LockscreenEnabled is true (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field LockscreenEnabled is true (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1201,7 +1201,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-LockscreenEnabled-true, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Siri field LockscreenEnabled is false (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Siri field LockscreenEnabled is false (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1227,7 +1227,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.5.1-LockscreenEnabled-false, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Location Services Is Enabled
+- name: "[macOS 13] CIS - Ensure Location Services Is Enabled"
   # platforms: macOS
   platform: darwin
   description: Checks that Location Services option is enabled.
@@ -1245,7 +1245,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.6.1.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure 'Show Location Icon in Control Center when System Services Request Your Location' Is Enabled
+- name: "[macOS 13] CIS - Ensure 'Show Location Icon in Control Center when System Services Request Your Location' Is Enabled"
   # platforms: macOS
   platform: darwin
   description: This setting provides the user an understanding of the current status of Location Services and which applications are using it.
@@ -1265,7 +1265,7 @@
   # tags: compliance, CIS, CIS_Level2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Location Services Is Disabled to all applications (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Location Services Is Disabled to all applications (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1287,7 +1287,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.6.1.3-Location-Service-disabled
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Location Services Is Enabled for a specific list of applications (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure Location Services Is Enabled for a specific list of applications (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1351,7 +1351,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.6.1.3-Location-Service-specifc-app-enabled, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Limit Ad Tracking Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Limit Ad Tracking Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that Ensure Limit Ad Tracking Is Enabled.
@@ -1382,7 +1382,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.6.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure an Administrator Password Is Required to Access System-Wide Preferences (Fleetd required)
+- name: "[macOS 13] CIS - Ensure an Administrator Password Is Required to Access System-Wide Preferences (Fleetd required)"
   # platforms: macOS
   platform: darwin
   description: Checks that an Administrator Password Is Required to Access System-Wide Preferences
@@ -1398,7 +1398,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.6.7
   # contributors: artemist-work
 
-- name: CIS - Ensure Screen Saver Corners Are Secure (FDA Required)
+- name: "[macOS 13] CIS - Ensure Screen Saver Corners Are Secure (FDA Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1431,7 +1431,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.7.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure Universal Control is enabled (Based on organization's policy) (MDM Required)
+- name: "[macOS 13] CIS - Ensure Universal Control is enabled (Based on organization's policy) (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1465,7 +1465,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.8.1-enabled, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Universal Control is disabled (Based on organization's policy) (MDM Required)
+- name: "[macOS 13] CIS - Ensure Universal Control is disabled (Based on organization's policy) (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1499,7 +1499,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.8.1-disabled, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Power Nap Is Disabled for Intel Macs (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Power Nap Is Disabled for Intel Macs (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1528,7 +1528,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.9.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure Wake for Network Access Is Disabled (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Wake for Network Access Is Disabled (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1556,7 +1556,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.9.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure the OS is not Active When Resuming from Sleep (Fleetd, FDA Required)
+- name: "[macOS 13] CIS - Ensure the OS is not Active When Resuming from Sleep (Fleetd, FDA Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1629,7 +1629,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.9.3
   # contributors: lucasmrod
 
-- name: CIS - Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled.
@@ -1674,7 +1674,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.10.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Gatekeeper Is Enabled
+- name: "[macOS 13] CIS - Ensure Gatekeeper Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1692,7 +1692,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.6.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Sending Diagnostic and Usage Data to Apple Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Sending Diagnostic and Usage Data to Apple Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that Sending Diagnostic and Usage Data to Apple Is Disabled.
@@ -1752,7 +1752,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-2.6.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: A locking screen saver is one of the standard security controls to limit access to a computer and the current user's session when the computer is temporarily unused or unattended. In macOS, the screen saver starts after a value is selected in the drop- down menu. 20 minutes or less is an acceptable value. Any value can be selected through the command line or script, but a number that is not reflected in the GUI can be problematic. 20 minutes is the default for new accounts.
@@ -1783,7 +1783,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.10.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure a Custom Message for the Login Screen Is Enabled
+- name: "[macOS 13] CIS - Ensure a Custom Message for the Login Screen Is Enabled"
   # platforms: macOS
   platform: darwin
   description: An access warning informs the user that the system is reserved for authorized use only, and that the use of the system may be monitored
@@ -1800,7 +1800,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.10.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure FileVault Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure FileVault Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks that FileVault Is Enabled. FileVault secures a system's data by automatically encrypting its boot volume and requiring a password or recovery key to access it. This policy checks that filevault is enabled on the device and that the user is not allowed to disable it.
@@ -1839,7 +1839,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.6.5
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Login Window Displays as Name and Password Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Login Window Displays as Name and Password Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks Login Window Displays as Name and Password Is Enabled.
@@ -1870,7 +1870,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.10.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Show Password Hints Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Show Password Hints Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: Checks Show Password Hints Is Disabled.
@@ -1901,7 +1901,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.10.5
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Users' Accounts Do Not Have a Password Hint (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Users' Accounts Do Not Have a Password Hint (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1920,7 +1920,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.11.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Guest Account Is Disabled
+- name: "[macOS 13] CIS - Ensure Guest Account Is Disabled"
   # platforms: macOS
   platform: darwin
   description: Checks that Guest Account Is Disabled.
@@ -1939,7 +1939,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Guest Access to Shared Folders Is Disabled
+- name: "[macOS 13] CIS - Ensure Guest Access to Shared Folders Is Disabled"
   # platforms: macOS
   platform: darwin
   description: Allowing guests to connect to shared folders enables users to access selected shared folders and their contents from different computers on a network
@@ -1958,7 +1958,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Automatic Login Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Automatic Login Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -1995,7 +1995,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Security Auditing Is Enabled
+- name: "[macOS 13] CIS - Ensure Security Auditing Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2022,7 +2022,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-3.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements
+- name: "[macOS 13] CIS - Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2074,7 +2074,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-3.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure install.log Is Retained for 365 or More Days and No Maximum Size
+- name: "[macOS 13] CIS - Ensure install.log Is Retained for 365 or More Days and No Maximum Size"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2101,7 +2101,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-3.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Security Auditing Retention Is Enabled
+- name: "[macOS 13] CIS - Ensure Security Auditing Retention Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2127,7 +2127,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-3.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Access to Audit Records Is Controlled
+- name: "[macOS 13] CIS - Ensure Access to Audit Records Is Controlled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2171,7 +2171,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-3.5
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Firewall Logging Is Enabled and Configured (MDM Required)
+- name: "[macOS 13] CIS - Ensure Firewall Logging Is Enabled and Configured (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2236,7 +2236,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-3.6
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Bonjour Advertising Services Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Bonjour Advertising Services Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2269,7 +2269,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-4.1
   # contributors: lucasmrod
 
-- name: CIS - Ensure HTTP Server Is Disabled
+- name: "[macOS 13] CIS - Ensure HTTP Server Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2285,7 +2285,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-4.2
   # contributors: lucasmrod
 
-- name: CIS - Ensure NFS Server Is Disabled
+- name: "[macOS 13] CIS - Ensure NFS Server Is Disabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2314,7 +2314,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-4.3
   # contributors: lucasmrod, getvictor
 
-- name: CIS - Ensure Home Folders Are Secure
+- name: "[macOS 13] CIS - Ensure Home Folders Are Secure"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2340,7 +2340,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure System Integrity Protection Status (SIP) Is Enabled
+- name: "[macOS 13] CIS - Ensure System Integrity Protection Status (SIP) Is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2358,7 +2358,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.2
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Apple Mobile File Integrity (AMFI) Is Enabled (fleetd required)
+- name: "[macOS 13] CIS - Ensure Apple Mobile File Integrity (AMFI) Is Enabled (fleetd required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2373,7 +2373,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.3
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Sealed System Volume (SSV) Is Enabled (fleetd required)
+- name: "[macOS 13] CIS - Ensure Sealed System Volume (SSV) Is Enabled (fleetd required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2388,7 +2388,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Appropriate Permissions Are Enabled for System Wide Applications
+- name: "[macOS 13] CIS - Ensure Appropriate Permissions Are Enabled for System Wide Applications"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2414,7 +2414,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.5
   # contributors: sharon-fdm
 
-- name: CIS - Ensure No World Writable Files Exist in the System Folder
+- name: "[macOS 13] CIS - Ensure No World Writable Files Exist in the System Folder"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2438,7 +2438,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.1.6
   # contributors: sharon-fdm
 
-- name: CIS - Ensure No World Writable Folders Exist in the Library Folder (Fleetd required)
+- name: "[macOS 13] CIS - Ensure No World Writable Folders Exist in the Library Folder (Fleetd required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2483,7 +2483,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-5.1.7
   # contributors: sharon-fdm, getvictor
 
-- name: CIS - Ensure Password Account Lockout Threshold Is Configured (Fleetd required)
+- name: "[macOS 13] CIS - Ensure Password Account Lockout Threshold Is Configured (Fleetd required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2501,7 +2501,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.2.1
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Password Minimum Length Is Configured
+- name: "[macOS 13] CIS - Ensure Password Minimum Length Is Configured"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2527,7 +2527,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.2.2
   # contributors: sharon-fdm, getvictor
 
-- name: CIS - Ensure Complex Password Must Contain Alphabetic Characters AND Numeric Characters Is Configured (MDM Required)
+- name: "[macOS 13] CIS - Ensure Complex Password Must Contain Alphabetic Characters AND Numeric Characters Is Configured (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2556,7 +2556,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-5.2.3, CIS-macos-13-5.2.4
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Complex Password Must Contain Special Character Is Configured (MDM Required)
+- name: "[macOS 13] CIS - Ensure Complex Password Must Contain Special Character Is Configured (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2582,7 +2582,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-5.2.5
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured (Fleetd required)
+- name: "[macOS 13] CIS - Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured (Fleetd required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2596,7 +2596,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.2.6
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Password Age Is Configured (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Password Age Is Configured (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2618,7 +2618,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.2.7
   # contributors: sharon-fdm
 
-- name: CIS - Ensure password history is set to at least 24 (MDM required)
+- name: "[macOS 13] CIS - Ensure password history is set to at least 24 (MDM required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2634,7 +2634,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.2.8
   # contributors: sharon-fdm, getvictor
 
-- name: CIS - Ensure all user storage APFS volumes are encrypted (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure all user storage APFS volumes are encrypted (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2665,7 +2665,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.3.1
   # contributors: artemist-work
 
-- name: CIS - Ensure all user storage CoreStorage volumes are encrypted (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure all user storage CoreStorage volumes are encrypted (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2684,7 +2684,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.3.2
   # contributors: artemist-work
 
-- name: CIS - Ensure the Sudo Timeout Period Is Set to Zero (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure the Sudo Timeout Period Is Set to Zero (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2709,7 +2709,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.4
   # contributors: lucasmrod
 
-- name: CIS - Ensure a Separate Timestamp Is Enabled for Each User/tty (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure a Separate Timestamp Is Enabled for Each User/tty (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2733,7 +2733,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.5
   # contributors: lucasmrod
 
-- name: CIS - Ensure the "root" Account Is Disabled (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure the \"root\" Account Is Disabled (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2752,7 +2752,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.6
   # contributors: lucasmrod
 
-- name: CIS - Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2782,7 +2782,7 @@
   # tags: compliance, CIS, CIS_Level1
   # contributors: lucasmrod, getvictor
 
-- name: CIS - Ensure a Login Window Banner Exists
+- name: "[macOS 13] CIS - Ensure a Login Window Banner Exists"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2804,7 +2804,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-5.8
   # contributors: lucasmrod
 
-- name: CIS - Ensure Legacy EFI Is Valid and Updating (Fleetd Required)
+- name: "[macOS 13] CIS - Ensure Legacy EFI Is Valid and Updating (Fleetd Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2831,7 +2831,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.9
   # contributors: lucasmrod
 
-- name: CIS - Ensure the Guest Home Folder Does Not Exist
+- name: "[macOS 13] CIS - Ensure the Guest Home Folder Does Not Exist"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2846,7 +2846,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-5.10
   # contributors: lucasmrod
 
-- name: CIS - Ensure Show All Filename Extensions Setting is Enabled
+- name: "[macOS 13] CIS - Ensure Show All Filename Extensions Setting is Enabled"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2880,7 +2880,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.1.1
   # contributors: artemist-work, getvictor
 
-- name: CIS - Ensure Automatic Opening of Safe Files in Safari Is Disabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Automatic Opening of Safe Files in Safari Is Disabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2915,7 +2915,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.1
   # contributors: artemist-work
 
-- name: CIS - Audit Safari Web Browser History and Remove History Items (organization decision needed)(MDM Required)
+- name: "[macOS 13] CIS - Audit Safari Web Browser History and Remove History Items (organization decision needed)(MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2964,7 +2964,7 @@
   # tags: compliance, CIS, CIS_Level2, CIS-macos-13-6.3.2, decision-needed
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -2993,7 +2993,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.3
   # contributors: artemist-work
 
-- name: CIS - Ensure Prevent Cross-site Tracking in Safari Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Prevent Cross-site Tracking in Safari Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3054,7 +3054,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.4
   # contributors: lucasmrod
 
-- name: CIS - Ensure the Hide IP Address in Safari is Enabled (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure the Hide IP Address in Safari is Enabled (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3082,7 +3082,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.5-enabled, decision-needed
   # contributors: artemist-work
 
-- name: CIS - Ensure the Hide IP Address in Safari is Disabled (Based on organization's policy)
+- name: "[macOS 13] CIS - Ensure the Hide IP Address in Safari is Disabled (Based on organization's policy)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3112,7 +3112,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.5-disabled, decision-needed
   # contributors: artemist-work
 
-- name: CIS - Ensure Advertising Privacy Protection in Safari Is Enabled (FDA Required)
+- name: "[macOS 13] CIS - Ensure Advertising Privacy Protection in Safari Is Enabled (FDA Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3143,7 +3143,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.6
   # contributors: artemist-work
 
-- name: CIS - Ensure Show Full Website Address in Safari Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Show Full Website Address in Safari Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3181,7 +3181,7 @@
   # tags: compliance, CIS, CIS_Level1, CIS-macos-13-6.3.7
   # contributors: sharon-fdm
 
-- name: CIS - Ensure Show Status Bar Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Show Status Bar Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |
@@ -3202,7 +3202,7 @@
   # tags: compliance, CIS, CIS_Level1
   # contributors: defensivedepth
 
-- name: CIS - Ensure Secure Keyboard Entry Terminal.app Is Enabled (MDM Required)
+- name: "[macOS 13] CIS - Ensure Secure Keyboard Entry Terminal.app Is Enabled (MDM Required)"
   # platforms: macOS
   platform: darwin
   description: |

docs/solutions/cis/macos-13/scripts/macos13-CIS_2.6.7.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 set -eu
 
 sudo security authorizationdb read system.preferences > /tmp/system.preferences.plist

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.2.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Auto Update Is Enabled</string>
+	<string>[macOS 14] Ensure Auto Update Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.2</string>
+	<string>com.fleetdm.macos14.cis-1.2</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Download New Updates When Available Is Enabled</string>
+	<string>[macOS 14] Ensure Download New Updates When Available Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.3</string>
+	<string>com.fleetdm.macos14.cis-1.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.4.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install of macOS Updates Is Enabled</string>
+	<string>[macOS 14] Ensure Install of macOS Updates Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.4</string>
+	<string>com.fleetdm.macos14.cis-1.4</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.5.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install Application Updates from the App Store Is Enabled</string>
+	<string>[macOS 14] Ensure Install Application Updates from the App Store Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.5</string>
+	<string>com.fleetdm.macos14.cis-1.5</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.6.mobileconfig

@@ -22,9 +22,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Install Security Responses and System Files Is Enabled</string>
+	<string>[macOS 14] Ensure Install Security Responses and System Files Is Enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-1.6</string>
+	<string>com.fleetdm.macos14.cis-1.6</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-1.7.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
+	<string>[macOS 14] Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
 	<key>PayloadIdentifier</key>
-	<string>com.zwass.cis-1.7</string>
+	<string>macos14.com.zwass.cis-1.7</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-2.1.1.1-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure iCloud Keychain is enabled</string>
+	<string>[macOS 14] Ensure iCloud Keychain is enabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.1-enable</string>
+	<string>com.fleetdm.macos14.cis-2.1.1.1-enable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-2.1.1.2-disable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Disable iCloud Drive storage solution usage</string>
+	<string>[macOS 14] Disable iCloud Drive storage solution usage</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.2-disable</string>
+	<string>com.fleetdm.macos14.cis-2.1.1.2-disable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-2.1.1.2-enable.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Enable iCloud Drive storage solution usage</string>
+	<string>[macOS 14] Enable iCloud Drive storage solution usage</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.2-enable</string>
+	<string>com.fleetdm.macos14.cis-2.1.1.2-enable</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>

docs/solutions/cis/macos-14/configuration-profiles/macos14-2.1.1.3.mobileconfig

@@ -20,9 +20,9 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
+	<string>[macOS 14] Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
 	<key>PayloadIdentifier</key>
-	<string>com.fleetdm.cis-2.1.1.3</string>
+	<string>com.fleetdm.macos14.cis-2.1.1.3</string>
 	<key>PayloadRemovalDisallowed</key>
 	<false/>
 	<key>PayloadScope</key>