Migrate CIS benchmarks to docs/solutions/cis/ with production-ready profiles, scripts, and policies (#43657)

## Summary

Migrates CIS benchmark files from `ee/cis/` to `docs/solutions/cis/` in
Fleet GitOps-compatible format, with configuration profiles, remediation
scripts, and policy queries for macOS 13/14/15, Windows 10/11, and
Windows 11 Intune.

**The original AI-generated content (commits 1–4) contained critical
errors that would cause silent deployment failures.** Commits 5–10 are a
systematic review that validates every CSP path, Apple payload key, and
script against official vendor documentation — fixing 30+ issues.

---

## What was wrong and why

### 1. Windows XML profiles used wrong SyncML format (would be rejected by Fleet)

The AI generated full SyncML protocol envelopes
(`<SyncML><SyncBody><CmdID>…<Final/>`), but Fleet expects flat
`<Replace><Item>…</Item></Replace>` blocks — the same format used in
[`docs/solutions/windows/configuration-profiles/`](https://github.com/fleetdm/fleet/tree/main/docs/solutions/windows/configuration-profiles).
Every production Fleet profile (e.g., [`enforce device password and lock
requirements –
[Bundle].xml`](https://github.com/fleetdm/fleet/blob/main/docs/solutions/windows/configuration-profiles/enforce%20device%20password%20and%20lock%20requirements%20%E2%80%93%20%5BBundle%5D.xml))
uses this flat format. This is the same class of error [reported by
@AdamBaali in
#42748](https://github.com/fleetdm/fleet/issues/42748#issuecomment-4223794562)
when testing the `numa` AI-generated security baseline.

**Fix:** Rewrote all 13 XML files to match Fleet's expected format.

### 2. Six Audit CSP names were fabricated (`LogonLogoff_` prefix doesn't exist)

The AI used `Audit/LogonLogoff_AuditLogon` etc., but the [Microsoft
Audit Policy CSP
documentation](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-audit)
specifies the prefix `AccountLogonLogoff_` — e.g.,
`Audit/AccountLogonLogoff_AuditLogon`. Using the wrong prefix returns
HTTP 500 from the MDM server.

**Fix:** Corrected all 6 across 3 platform variants (18 replacements).

### 3. Three Apple Intelligence profiles used fabricated payload keys

The AI invented keys that don't exist in [Apple's device-management
reference](https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.applicationaccess.yaml):

| Profile | AI-generated (fabricated) | Correct per Apple reference |
|---------|--------------------------|----------------------------|
| Extensions | `allowIntelligenceExtensions` | `allowExternalIntelligenceIntegrations` |
| Mail | `com.apple.mail` / `allowMailIntelligence` | `com.apple.applicationaccess` / `allowMailSmartReplies` + `allowMailSummary` |
| Notes | `com.apple.mobilenotes` / `allowNotesIntelligence` | `com.apple.applicationaccess` / `allowNotesTranscription` + `allowNotesTranscriptionSummary` |

These profiles would deploy silently but enforce nothing — the keys
would be ignored by macOS. The corresponding policy SQL queries also
referenced the fabricated keys, so compliance checks would never pass
even with the profile applied.

**Fix:** Corrected keys, domains, and the corresponding policy SQL
queries so compliance checks match what the profiles actually enforce.

### 4. Firewall CSP used wrong URI prefix

AI used `./Device/Vendor/MSFT/Firewall/MdmStore/…` but [Microsoft's
Firewall CSP
documentation](https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp)
and Fleet's own production profiles use
`./Vendor/MSFT/Firewall/MdmStore/…`.

**Fix:** Updated all firewall URIs across 3 platform variants.

### 5. Wrong SIDs in user rights deny policies

CIS 2.2.16 (Deny access from network) and 2.2.20 (Deny RDP logon)
require denying both **Guests** (`S-1-5-32-546`) and **Local account**
(`S-1-5-113`). The AI only included Guests. This is the same error
[identified by @AdamBaali in
#42748](https://github.com/fleetdm/fleet/issues/42748#issuecomment-4223794562)
where the `numa` baseline used `S-1-2-0` (wrong SID entirely).

**Fix:** Added `S-1-5-113` to both XML profiles and PS1 scripts.

### 6. macOS scripts had runtime-breaking bugs

Scripts copied from `ee/cis/` originals contained issues that would
cause failures when deployed via Fleet:

| Issue | Scripts affected | Impact |
|-------|-----------------|--------|
| Hardcoded `<username>` placeholder | CIS_6.1.1, CIS_6.3.6, CIS_2.11.1, CIS_2.6.2 | Shell error — `<username>` parsed as redirect |
| Missing `chmod 0440` on sudoers drop-ins | CIS_5.4, CIS_5.5 | macOS sudo silently ignores files without 0440 perms |
| `sudo IFS=$'\n'` doesn't set IFS in current shell | CIS_5.1.5, CIS_5.1.6, CIS_5.1.7 | Word splitting breaks on paths with spaces |
| Unsafe temp files (`./tmp.txt` in CWD) | CIS_3.2, CIS_3.3, CIS_3.4 | Race condition, fails in read-only CWD |
| Missing shebang | CIS_2.6.1.2 | May use wrong shell interpreter |
| `not_always_working` scripts with `<password>` | CIS_2.10.1, CIS_2.10.2 | Could never work in automated deployment |

**Fix:** Rewrote scripts with dynamic user enumeration, `mktemp`, proper
IFS, `visudo` validation. Removed `not_always_working` scripts.

### 7. Policy YAML formatting bugs and spelling

- **Computer Browser policy** (win-10, win-11): `resolution: |` was on
the same line as description text, causing YAML to swallow the entire
resolution into the description — no remediation steps shown.
- **Set Time and Date policy** (macOS 13/14/15): Empty `description:`
parsed as `null`.
- 14 spelling errors across macOS and Windows YAML (`existance`,
`Extention` ×8, `recomendation`, `bellow`, `enableds`, `addess` ×2,
etc.)
- Filename inconsistencies: `on-device-dictiation-enabled` (typo),
`2.8.1.disable` (dots vs dashes)

---

## Verification methodology

Every CSP OMA-URI and Apple payload key was validated against official
vendor documentation:

| Category | Count | Source | Result |
|----------|-------|--------|--------|
| [Audit CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-audit) | 27 | Microsoft docs | 6 corrected |
| [UserRights CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-userrights) | 27 | Microsoft docs | All verified correct |
| [LocalPoliciesSecurityOptions CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions) | 27 | Microsoft docs | 1 format corrected |
| [Firewall CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/firewall-csp) | 14 | Microsoft docs | All correct (after path fix) |
| [Defender CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender) | 9 | Microsoft docs | All verified correct |
| [Apple applicationaccess](https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.applicationaccess.yaml) | 13 profiles | Apple device-management repo | 3 corrected |
| Fleet GitOps YAML | 1,857 policies | [Fleet GitOps docs](https://fleetdm.com/docs/configuration/yaml-files) | 2 format bugs fixed |
| Fleet XML format | 13 files | [`docs/solutions/windows/`](https://github.com/fleetdm/fleet/tree/main/docs/solutions/windows/configuration-profiles) | Reformatted to match |
| Fleet blocked CSPs | — | `server/fleet/windows_mdm.go` | No conflicts |
| [#43598](https://github.com/fleetdm/fleet/issues/43598) glob bug | 305 files | Filename scan | No `*`, `?`, `[`, `{` in any filename |

## Commits

1. `89d9418` — Copy CIS benchmarks to docs/solutions/cis/ in
GitOps-compatible format
2. `bbabb13` — Restructure with policies/, configuration-profiles/,
scripts/ subdirs
3. `00004f4` — Promote test artifacts, add Contents to READMEs
4. `786591f` — Add configuration profiles and scripts to all CIS
benchmark platforms
5. `0a47a53` — Fix macOS scripts (username placeholders, sudoers perms,
IFS, temp files, shebang, dictation typo, remove broken scripts)
6. `4efbd40` — Reformat all 13 Windows XML profiles to Fleet's flat
Replace/Item format, fix Firewall CSP paths, fix SIDs
7. `f0abb66` — Fix 6 Audit CSP names: `LogonLogoff_` →
`AccountLogonLogoff_`
8. `bfb0f95` — Fix `SmartCardRemovalBehavior` format type (`int` →
`chr`)
9. `4cbb33e` — Fix 3 Apple Intelligence profiles (fabricated keys → real
Apple keys), fix YAML formatting bugs
10. `d3a0031` — Fix spelling (14 corrections), naming conventions,
policy-profile key alignment

## Current state

| Platform | Policies | Config Profiles | Scripts |
|----------|----------|-----------------|---------|
| macOS 13 | 1 YAML (111 policies) | 46 .mobileconfig | 43 .sh |
| macOS 14 | 1 YAML (111 policies) | 47 .mobileconfig | 43 .sh |
| macOS 15 | 1 YAML (113 policies) | 43 .mobileconfig | 44 .sh |
| Windows 10 | 1 YAML (510 policies) | 4 SyncML XML | 5 .ps1 |
| Windows 11 | 1 YAML (555 policies) | 4 SyncML XML | 5 .ps1 |
| Windows 11 Intune | 3 YAML (457 policies) | 5 SyncML XML | 2 .ps1 |

The source files in `ee/cis/` are intentionally left untouched.

https://claude.ai/code/session_01DUqJK6iJ8MWMdz2d25ZTNW

---------

Co-authored-by: Claude <noreply@anthropic.com>
Adam Baali 2026-04-16 16:16:22 +02:00 committed by GitHub
parent be14f7c10d
commit 6d708ef67e
GPG key ID: B5690EEEBB952194
305 changed files with 49963 additions and 0 deletions
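
A lint pass for the Windows profile failure modes listed in sections 1, 2, 4 and 5 of the commit message, as an added example that is not part of this commit or of Fleet's code base. The function name, the finding codes and both sample profiles are constructed for illustration; the two `UserRights` policy names are taken from Microsoft's UserRights CSP, not from this page.

```python
import re
import xml.etree.ElementTree as ET

GUESTS_SID = "S-1-5-32-546"        # Guests (from the commit message)
LOCAL_ACCOUNT_SID = "S-1-5-113"    # Local account (from the commit message)
# Policies behind CIS 2.2.16 / 2.2.20 (names from Microsoft's UserRights CSP).
DENY_RIGHTS = ("UserRights/DenyAccessFromNetwork",
               "UserRights/DenyRemoteDesktopServicesLogOn")
ENVELOPE_TAGS = {"SyncML", "SyncHdr", "SyncBody", "Final"}


def _local(tag):
    """Strip an '{namespace}' prefix from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def lint_profile(text):
    """Return 'code: detail' findings for one Windows profile, [] if clean."""
    # A flat profile has several top-level <Replace> blocks and no single
    # root, so drop the XML declaration and wrap it in a synthetic root.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text)
    try:
        root = ET.fromstring(f"<lintroot>{body}</lintroot>")
    except ET.ParseError as exc:
        return [f"not-well-formed: {exc}"]

    findings = []
    if any(_local(e.tag) in ENVELOPE_TAGS for e in root.iter()):
        findings.append("syncml-envelope: use flat <Replace><Item> blocks")

    for item in (e for e in root.iter() if _local(e.tag) == "Item"):
        fields = {_local(c.tag): (c.text or "").strip() for c in item.iter()}
        uri, data = fields.get("LocURI", ""), fields.get("Data", "")
        if "/Audit/LogonLogoff_" in uri:
            findings.append(f"audit-prefix: {uri} (expected AccountLogonLogoff_)")
        if uri.startswith("./Device/Vendor/MSFT/Firewall/"):
            findings.append(f"firewall-prefix: {uri} (expected ./Vendor/MSFT/Firewall/)")
        if uri.endswith(DENY_RIGHTS):
            present = set(re.findall(r"S-1(?:-\d+)+", data))
            missing = [s for s in (GUESTS_SID, LOCAL_ACCOUNT_SID) if s not in present]
            if missing:
                findings.append(f"deny-sids: {uri} lacks {', '.join(missing)}")
    return findings


# Constructed sample showing all four problems described in the commit message.
BAD_PROFILE = """<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody>
  <Replace><CmdID>1</CmdID><Item>
    <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/Audit/LogonLogoff_AuditLogon</LocURI></Target>
    <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
    <Data>3</Data>
  </Item></Replace>
  <Replace><CmdID>2</CmdID><Item>
    <Target><LocURI>./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall</LocURI></Target>
    <Meta><Format xmlns="syncml:metinf">bool</Format></Meta>
    <Data>true</Data>
  </Item></Replace>
  <Replace><CmdID>3</CmdID><Item>
    <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/DenyAccessFromNetwork</LocURI></Target>
    <Meta><Format xmlns="syncml:metinf">chr</Format></Meta>
    <Data>*S-1-5-32-546</Data>
  </Item></Replace>
  <Final/>
</SyncBody></SyncML>"""

# Constructed sample in the flat format, with the corrected values.
GOOD_PROFILE = """<Replace><Item>
  <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/Audit/AccountLogonLogoff_AuditLogon</LocURI></Target>
  <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
  <Data>3</Data>
</Item></Replace>
<Replace><Item>
  <Target><LocURI>./Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall</LocURI></Target>
  <Meta><Format xmlns="syncml:metinf">bool</Format></Meta>
  <Data>true</Data>
</Item></Replace>
<Replace><Item>
  <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/DenyAccessFromNetwork</LocURI></Target>
  <Meta><Format xmlns="syncml:metinf">chr</Format></Meta>
  <Data>*S-1-5-32-546&#xF000;*S-1-5-113</Data>
</Item></Replace>"""

if __name__ == "__main__":
    for name, profile in (("bad", BAD_PROFILE), ("good", GOOD_PROFILE)):
        print(name, lint_profile(profile) or "clean")
```

Run over every XML file in a pull request, a check like this turns each of these silent deployment failures into a failed CI job.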

View file

@ -0,0 +1,45 @@
# macOS 13.0 Ventura benchmark
Fleet's policies have been written against v3.1.0 of the benchmark. You can refer to the [CIS website](https://www.cisecurity.org/cis-benchmarks) for full details about this version.
For requirements and usage details, see the [CIS Benchmarks](https://fleetdm.com/docs/using-fleet/cis-benchmarks) documentation.
### Contents
| Folder | Description |
|--------|-------------|
| `policies/` | GitOps-compatible policy YAML — import via `fleetctl apply` or reference with `- path:` in `fleet.yml` |
| `configuration-profiles/` | Apple `.mobileconfig` profiles — upload via Fleet UI or `fleetctl apply` to enforce the settings checked by the policies |
| `scripts/` | Shell scripts — upload via Fleet UI or `fleetctl apply` and link as `run_script` remediation in the corresponding policy |
### Limitations
The following CIS benchmarks cannot be checked with a policy in Fleet:
1. 2.1.2 Audit App Store Password Settings
2. 2.3.3.12 Ensure Computer Name Does Not Contain PII or Protected Organizational Information
3. 2.6.6 Audit Lockdown Mode
4. 2.11.2 Audit Touch ID and Wallet & Apple Pay Settings
5. 2.13.1 Audit Passwords System Preference Setting
6. 2.14.1 Audit Notification & Focus Settings
7. 3.7 Audit Software Inventory
8. 6.2.1 Ensure Protect Mail Activity in Mail Is Enabled
### Checks that require decision
CIS has left the parameters of the following checks up to the benchmark implementer. CIS recommends that an organization make a conscious decision for these benchmarks, but does not make a specific recommendation.
Fleet has provided both an "enabled" and "disabled" version of these benchmarks. When both policies are added, at least one will fail. Once your organization has made a decision, you can delete one or the other policy.
The policy will be appended with a `-enabled` or `-disabled` label, such as `2.1.1.1-enabled`.
- 2.1.1.1 Audit iCloud Keychain
- 2.1.1.2 Audit iCloud Drive
- 2.5.1 Audit Siri
- 2.8.1 Audit Universal Control
Furthermore, CIS has decided to not require the following password complexity settings:
- 5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured
- 5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured
- 5.2.5 Ensure Complex Password Must Contain Special Character Is Configured
- 5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured
However, Fleet has provided these as policies. If your organization declines to implement these, simply delete the corresponding policies.
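
Review bot: The "Checks that require decision" section covers only the paired policies and says nothing about the paired files in `configuration-profiles/`. The 2.1.1.2 enable and disable profiles in this change set `allowCloudDocumentSync` to opposite values, so the README should say to deploy only the profile that matches the policy the organization keeps.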

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.2.check</string>
<key>PayloadUUID</key>
<string>4DC539B5-837E-4DC3-B60B-43A8C556A8F0</string>
<key>AutomaticCheckEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Auto Update Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>03E69A02-02CE-4CA0-8F17-3BAAD5D3852F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
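
Review bot: `PayloadDescription` and the inner `PayloadDisplayName` are both the placeholder `test`, which is the text shown to anyone inspecting the installed profile. Suggest a description that names the CIS control (1.2) and the key it sets, `AutomaticCheckEnabled`; the same placeholder appears in the other `.mobileconfig` files in this change.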

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.3.check</string>
<key>PayloadUUID</key>
<string>5FDE6D58-79CD-447A-AFB0-BA32D889C396</string>
<key>AutomaticDownload</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Download New Updates When Available Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>0A1C2F97-D6FA-4CDB-ABB6-47DF2B151F4F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.4.check</string>
<key>PayloadUUID</key>
<string>15BF7634-276A-411B-8C4E-52D89B4ED82C</string>
<key>AutomaticallyInstallMacOSUpdates</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install of macOS Updates Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>7DB8733E-BD11-4E88-9AE0-273EF2D0974B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.5.check</string>
<key>PayloadUUID</key>
<string>6B0285F8-5DB8-4F68-AA6E-2333CCD6CE04</string>
<key>AutomaticallyInstallAppUpdates</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install Application Updates from the App Store Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.5</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>1C4C0EC4-64A7-4AF0-8807-A3DD44A6DC76</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6.check</string>
<key>PayloadUUID</key>
<string>0D8F676A-A705-4F57-8FF8-3118360EFDEB</string>
<key>ConfigDataInstall</key>
<true/>
<key>CriticalUpdateInstall</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install Security Responses and System Files Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>EBEE9B81-9D33-477F-AFBE-9691360B7A74</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.7.check</string>
<key>PayloadUUID</key>
<string>123FD592-D1C3-41FD-BC41-F91F3E1E2CF4</string>
<key>enforcedSoftwareUpdateDelay</key>
<integer>29</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
<key>PayloadIdentifier</key>
<string>com.zwass.cis-1.7</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>385A0C13-2472-41B3-851C-1311FA12EB49</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
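
Review bot: The outer `PayloadIdentifier` is `com.zwass.cis-1.7`, while the inner payload uses `com.fleetdm.cis-1.7.check` and the other profiles in this change use the `com.fleetdm.` prefix throughout. Suggest `com.fleetdm.cis-1.7` now, since changing an identifier after deployment makes MDM treat the file as a different profile.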

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.1.check-enable</string>
<key>PayloadUUID</key>
<string>68D8C498-FB81-4262-9EF4-E689B5A6B40F</string>
<key>allowCloudKeychainSync</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure iCloud Keychain is enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.1-enable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>EE1BA83A-E145-4F5B-9597-836DC357BBE7</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
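
Review bot: The identifier suffix is `-enable` (`com.fleetdm.cis-2.1.1.1-enable`), but the README in this change says the matching policies are labelled `-enabled` or `-disabled`, such as `2.1.1.1-enabled`. Suggest one spelling for both so a policy can be matched to its profile by name; the display name's lowercase "is enabled" also differs from the "Is Enabled" casing used by the other profiles.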

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2.check-disable</string>
<key>PayloadUUID</key>
<string>1028E002-9AFE-446A-84E0-27DA5DA39B4A</string>
<key>allowCloudDocumentSync</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Disable iCloud Drive storage solution usage</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2-disable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>7B3DE4EA-0AFA-44F5-9716-37526EE441EA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2.check-enable</string>
<key>PayloadUUID</key>
<string>8618AA0E-B6AC-4D1C-AE01-C46956EC1926</string>
<key>allowCloudDocumentSync</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Enable iCloud Drive storage solution usage</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2-enable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2C2FC587-14E8-4A52-98B5-30BA1C975BBA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.3.check</string>
<key>PayloadUUID</key>
<string>5F0EF767-200C-4E10-A43D-04204A4A8E06</string>
<key>allowCloudDesktopAndDocuments</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2EAF168E-3DC9-4375-AA37-501EDB3C8422</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.loginwindow</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.10.3.check</string>
<key>PayloadUUID</key>
<string>3E4C4ED8-ADB6-4EFB-8198-58027B94DF86</string>
<key>LoginwindowText</key>
<string>Some Test Message</string>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure a Custom Message for the Login Screen Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.10.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>9359CA59-D3C1-4A0D-8595-9E5F1F0CAE12</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
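
Review bot: `LoginwindowText` is set to `Some Test Message`, so deploying this file unchanged puts that string on the login window of every enrolled host. Suggest an unmistakable placeholder for the value and a README line telling the implementer to replace it with the organization's own banner before upload.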

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.loginwindow</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.12.3.check</string>
<key>PayloadUUID</key>
<string>CB576629-19E2-4649-84FC-C007826732A0</string>
<key>com.apple.login.mcx.DisableAutoLoginClient</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Automatic Login Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.12.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>0AEDE730-9466-47D1-B322-3C6F325B3737</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.security.firewall</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.2.1.check</string>
<key>PayloadUUID</key>
<string>D12965C1-12BD-4CAD-A55A-E7F020B0DAAF</string>
<key>EnableFirewall</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Firewall Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.2.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F0BFF592-1CB7-4922-B2D4-583415DC4A0B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.security.firewall</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.2.2.check</string>
<key>PayloadUUID</key>
<string>2D2A07FB-3700-4ED8-AF06-6A2213F4C634</string>
<key>EnableFirewall</key>
<true/>
<key>EnableStealthMode</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Firewall Stealth Mode Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.2.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>E0B831D6-F214-4F1F-967C-B75B38B26708</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
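
Review bot: `EnableFirewall` is set here as well as in the 2.2.1 profile, so two `com.apple.security.firewall` payloads manage the same key. If the repeat is intentional, say so in `PayloadDescription`; otherwise document whether 2.2.2 is meant to replace 2.2.1 or be deployed alongside it.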

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.1.1.check</string>
<key>PayloadUUID</key>
<string>22F2E52E-E593-40F7-8635-E067EDEE4F60</string>
<key>allowAirDrop</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure AirDrop Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.1.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>55DC048E-1490-4A26-8A97-4A4EA91A7302</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.1.2.check</string>
<key>PayloadUUID</key>
<string>BF58FD50-E4EC-4427-A549-1BCD7B88FCEB</string>
<key>allowAirPlayIncomingRequests</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure AirPlay Receiver Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.1.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>633BD4E3-849E-485E-A784-AA80D86E83A3</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.2.1.check</string>
<key>PayloadUUID</key>
<string>C5CFF95F-7E77-4B0E-8136-2729A481D60A</string>
<key>forceAutomaticDateAndTime</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Set Time and Date Automatically Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.2.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>CEA7E3A6-E5DF-4A93-ABB7-45F36BF3D3E8</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

View file

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.preferences.sharing.SharingPrefsExtension</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.3.10-check</string>
<key>PayloadUUID</key>
<string>DC34D1FA-3D14-4AEA-844B-FDEC49CD73BB</string>
<key>homeSharingUIStatus</key>
<integer>0</integer>
<key>legacySharingUIStatus</key>
<integer>0</integer>
<key>mediaSharingUIStatus</key>
<integer>0</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Media Sharing is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.3.10</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>9FD8A0FB-2F7C-41C4-A3FB-90E953BCD433</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
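
Review bot: The inner `PayloadIdentifier` is `com.fleetdm.cis-2.3.3.10-check`, with a hyphen where the other profiles in this change use `.check`. Suggest `com.fleetdm.cis-2.3.3.10.check` so the inner identifiers follow one pattern.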

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.3.9.check</string>
<key>PayloadUUID</key>
<string>85956359-CF0A-46C8-BD7C-26060ABB9119</string>
<key>allowContentCaching</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Content Caching Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.3.3.9</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>AA4372B4-5D36-4660-A2FC-07067C94A91F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.controlcenter</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.4.1.check</string>
<key>PayloadUUID</key>
<string>B97CBDF6-1EB7-424C-86DE-E11892B223F3</string>
<key>WiFi</key>
<integer>18</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Show Wi-Fi status in Menu Bar Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.4.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2357BB9E-FD15-4E1D-A1CC-12C7798E1483</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.controlcenter</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.4.2.check</string>
<key>PayloadUUID</key>
<string>FC6045C3-FFD7-4C0A-A3D5-ED0ADB9FF391</string>
<key>Bluetooth</key>
<integer>18</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Show Bluetooth Status in Menu Bar Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.4.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F997FFD6-7E39-48C7-A451-B12A79B6FA22</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.5.1.check-disable</string>
<key>PayloadUUID</key>
<string>4B56DF79-ECAF-4175-AACC-95F08A980B6C</string>
<key>allowAssistant</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Disable Siri</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.5.1-disable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>FB3E1980-5FE2-4C8F-BCF8-6FFF4117C962</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.5.1.check-enable</string>
<key>PayloadUUID</key>
<string>DC0652C5-E996-408F-84A0-9F09657FD771</string>
<key>allowAssistant</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Enable Siri</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.5.1-enable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F5001E34-CC4D-4951-A7A3-A95DC02F0090</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.locationd</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.1.1.check</string>
<key>PayloadUUID</key>
<string>25D6B210-E8BB-465F-94D7-474073F4A892</string>
<key>LocationServicesEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Location Services Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.1.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>8FC698D7-9EF8-427E-8E52-4B928A7437B0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part1.check</string>
<key>PayloadUUID</key>
<string>9A6BF497-B715-453A-A7F7-D27C325EB5B3</string>
<key>allowDiagnosticSubmission</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 1)</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>7D03459B-AA53-41AB-85C4-AAED7CE95EE9</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
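
Review bot: the top-level `PayloadDisplayName` reads "Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 1)", with "Ensure" doubled and no space before "(part 1)". Correct the string so it matches the part 2 profile's wording, and add the missing space there too.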

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SubmitDiagInfo</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part2.check</string>
<key>PayloadUUID</key>
<string>756EF527-5F37-4685-9A0F-21B596D1F895</string>
<key>AutoSubmit</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 2)</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>C720744B-BBF2-4FE2-B8A9-4638CECC8BB2</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part3.check</string>
<key>PayloadUUID</key>
<string>0FD378F2-B497-42D9-AEAE-C58D855E56FD</string>
<key>Siri Data Sharing Opt-In Status</key>
<integer>2</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 3)</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.2-part3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>49A101C5-3401-47E7-90AF-9071D4D65E5D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
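
Review bot: the inner payload is typed `com.apple.applicationaccess` but carries the key `Siri Data Sharing Opt-In Status`, while the remediation script in this same commit writes that key to the per-user `com.apple.assistant.support` preference domain. Confirm which domain actually consumes the key and make the profile and the script agree, otherwise one of the two is a no-op. The top-level display name also has "Ensure" doubled and no space before "(part 3)".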

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.3.check</string>
<key>PayloadUUID</key>
<string>6C5400FF-BBB3-471F-B139-59D86ADA9A3A</string>
<key>allowApplePersonalizedAdvertising</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Limit Ad Tracking Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>C215AA26-C3D0-4A77-B884-8B8C918FD197</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.systempolicy.control</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.4.check</string>
<key>PayloadUUID</key>
<string>D9E7B5EA-8DA3-4AF1-99CD-30ED18EF47F1</string>
<key>EnableAssessment</key>
<true/>
<key>AllowIdentifiedDevelopers</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Gatekeeper Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>1991574F-155E-4FC1-AD47-FDC4DC3B07B4</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.MCX</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.5.check</string>
<key>PayloadUUID</key>
<string>D56F90DC-6F90-4BEB-8D0F-263D062EC612</string>
<key>dontAllowFDEDisable</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure FileVault Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.6.5</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>804CCF1F-2814-4B73-95EE-DB0B4FF67103</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
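
Review bot: the display name "Ensure FileVault Is Enabled" overstates what this payload does. The only setting is `dontAllowFDEDisable` set to true, which by its name blocks turning FileVault off and does not turn it on. Either rename the profile to say it prevents disabling, or use `PayloadDescription` (currently `test`) to state where enablement is enforced.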

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.universalcontrol</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.8.1.check-disabled</string>
<key>PayloadUUID</key>
<string>A6481AEB-354C-4718-9E01-B4562C7F341A</string>
<key>Disable</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Universal Control is disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.8.1-disabled</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>8EA6B5B4-A0EF-49B3-8A6E-C8F02C27456B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.universalcontrol</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.8.1.check-enabled</string>
<key>PayloadUUID</key>
<string>F39058CB-027B-453D-B2DF-414F9B84D241</string>
<key>Disable</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Universal Control is enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.8.1-enabled</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>ECC41516-FFD8-4321-9696-63B1939CB956</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.security.firewall</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-3.6.check</string>
<key>PayloadUUID</key>
<string>604D8218-D7B6-43B1-95E6-DFCA4C25D73D</string>
<key>EnableFirewall</key>
<true/>
<key>EnableLogging</key>
<true/>
<key>LoggingOption</key>
<string>detail</string>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Firewall Logging Is Enabled and Configured</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-3.6</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5E27501E-50DF-4804-9DEC-0E63C34E8831</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mDNSResponder</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-4.1.check</string>
<key>PayloadUUID</key>
<string>08FEA43B-CE9B-4098-804C-11459D109992</string>
<key>NoMulticastAdvertisements</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Bonjour Advertising Services Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-4.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>25BD1312-2B79-40C7-99FA-E60B49A1883E</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.1.check</string>
<key>PayloadUUID</key>
<string>749F9F38-7AD2-4FC6-8F88-672F3AB79F82</string>
<key>maxFailedAttempts</key>
<integer>5</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Password Account Lockout Threshold Is Configured</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F886BF2C-12D2-428B-BCF0-55823908F426</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.2.check</string>
<key>PayloadUUID</key>
<string>A7C54C32-6519-4335-A673-B20D3015B432</string>
<key>minLength</key>
<integer>15</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Password Minimum Length Is Configured</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>415F567D-83F4-4AB5-BCFA-7AC8B707DCFD</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.3-and-5.2.4.check</string>
<key>PayloadUUID</key>
<string>207388F7-0144-4518-9CCD-9E488EF9C5D7</string>
<key>requireAlphanumeric</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Require AlphaNumeric characters in password</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.3-and-5.2.4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>19BDCDC8-7E9E-48A6-9468-F87EE865F677</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
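
Review bot: the identifier `com.fleetdm.cis-5.2.3-and-5.2.4` claims two controls, but the payload sets only `requireAlphanumeric`, and nothing in the file says how one key satisfies both. Put that mapping in `PayloadDescription` (currently `test`) or split the controls into separate profiles. The display name "Require AlphaNumeric characters in password" also breaks the "Ensure ..." naming used by the neighbouring password profiles.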

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.5.check</string>
<key>PayloadUUID</key>
<string>46BD11BD-116C-4E95-9575-6EDFDE0F110F</string>
<key>minComplexChars</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Require Special characters in password</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.5</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>C8CEE953-50F3-48E6-B462-FA98D931A906</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.7.check</string>
<key>PayloadUUID</key>
<string>F5515451-97EC-4CCB-B442-CDF0C546BC27</string>
<key>maxPINAgeInDays</key>
<integer>365</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Password Age Is Configured</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.7</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>AEF56396-50CC-4E5A-9C6D-CBAE6A5E13B5</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.mobiledevice.passwordpolicy</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.8.check</string>
<key>PayloadUUID</key>
<string>5227E361-F971-44B3-B706-B04BA0D3B186</string>
<key>pinHistory</key>
<integer>15</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Password History Is Configured</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-5.2.8</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>0AD34391-5C19-4229-AA10-EB6A169D15EB</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Safari</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.1.check</string>
<key>PayloadUUID</key>
<string>3CAAC721-D492-45AC-95E4-8ECBF81EA21E</string>
<key>AutoOpenSafeDownloads</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Automatic Opening of Safe Files in Safari Is Disabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>2556F162-9AE5-4163-92C1-F89A2847C80E</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Safari</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.2.check</string>
<key>PayloadUUID</key>
<string>61BC98A2-9482-4EB3-9184-FB6A8B8E33E8</string>
<key>HistoryAgeInDaysLimit</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Audit History and Remove History Items</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>1D6C407D-8C28-4BDC-9837-DF5ED49E8059</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Safari</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.3.check</string>
<key>PayloadUUID</key>
<string>AA1CF4AE-446C-41B0-8B06-ADEAEF9F0505</string>
<key>WarnAboutFraudulentWebsites</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>130308F8-916A-449D-9711-34A31DCCD39D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Safari</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.4.check</string>
<key>PayloadUUID</key>
<string>E0560069-04EF-4985-815E-987A304F8EB7</string>
<key>BlockStoragePolicy</key>
<integer>2</integer>
<key>WebKitPreferences.storageBlockingPolicy</key>
<integer>1</integer>
<key>WebKitStorageBlockingPolicy</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Prevent Cross-site Tracking in Safari Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>E1D04566-15CE-458C-A0D1-5F6C7B9A6472</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
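
Review bot: three separate keys are set for one control, with different values (`BlockStoragePolicy` is 2 while `WebKitPreferences.storageBlockingPolicy` and `WebKitStorageBlockingPolicy` are 1), and the file gives no explanation of which Safari reads which key or what each value means. Document that in `PayloadDescription` (currently `test`) so a later reviewer can tell whether any of the three is redundant or wrong.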

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Safari</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.7.check</string>
<key>PayloadUUID</key>
<string>A78B534C-0E6D-46C0-97F1-D50178AC5AD0</string>
<key>ShowFullURLInSmartSearchField</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Show Full Website Address in Safari Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.3.7</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5A412D8E-5951-42A3-95ED-BD82AD6D3038</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.Terminal</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.4.1.check</string>
<key>PayloadUUID</key>
<string>E8D36749-D7F8-4280-9B17-D6224B67B63B</string>
<key>SecureKeyboardEntry</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Secure Keyboard Entry Terminal.app Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-6.4.1</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D4C0B4CC-D39A-4F0F-AF8A-AB5A73D02B3F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

File diff suppressed because it is too large

@ -0,0 +1,3 @@
#!/bin/bash
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Test Message 1"
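
Review bot: `LoginwindowText "Test Message 1"` would put a test string on the login window of every host this script runs on. Replace the value with the organisation's approved banner text, or add a comment at the top stating that the string must be edited before deployment.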

@ -0,0 +1,3 @@
#!/bin/bash
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

@ -0,0 +1,3 @@
#!/bin/bash
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0

@ -0,0 +1,11 @@
#!/bin/bash
# CIS - Ensure No Login Items Exist With Passwords in User Keychain
# Removes password hints for all local user accounts.
for username in $(dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
# Remove the hint attribute if it exists
if dscl . -read "/Users/$username" hint &>/dev/null; then
sudo dscl . -delete "/Users/$username" hint
fi
done
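
Review bot: the header comment names the control "Ensure No Login Items Exist With Passwords in User Keychain", but the second comment and the loop body delete the `hint` attribute from each local user record. Correct the header to name the password-hint control so the script can be matched to the right benchmark item.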

@ -0,0 +1,4 @@
#!/bin/bash
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool false
sudo /usr/bin/defaults write /Library/Preferences/com.apple.MCX DisableGuestAccount -bool true
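
Review bot: both commands call `sudo` by bare name, while the `sysadminctl`, `launchctl` and `cupsctl` scripts in this commit call `/usr/bin/sudo`. Pick one form for all scripts; the absolute path is the safer choice because it does not depend on `PATH`.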

@ -0,0 +1,9 @@
#!/bin/bash
/usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess off
# For testing
# Get Status: /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess status
# Set to enabled: /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess on

@ -0,0 +1,3 @@
#!/bin/bash
sudo /usr/bin/defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
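
Review bot: `defaults delete` exits non-zero when `autoLoginUser` is not set, so this script reports failure on hosts that are already compliant. Guard the delete with a `defaults read` of the same key, as the password-hint script in this commit does with `dscl . -read` before `dscl . -delete`.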

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl disable system/com.apple.ODSAgent

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl disable system/com.apple.screensharing

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl disable system/com.apple.smbd

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/sbin/cupsctl --no-share-printers

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl disable system/com.openssh.sshd

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/sbin/systemsetup -setremoteappleevents off

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0

@ -0,0 +1,8 @@
#!/bin/bash
# NOTE(lucas): I was not able to set `com.apple.TimeMachine`'s `AutoBackup` via a configuration profile.
# I tried the profile method documented on the CIS Benchmarks document and after applying it successfully
# it did not update the value of `AutoBackup`.
#
# So for now we are using the following shell command to enable automatic backup of Time Machine destinations.
/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine.plist AutoBackup -bool true

@ -0,0 +1,4 @@
#!/bin/bash
# CIS - Ensure Location Services Is Enabled
sudo /usr/bin/defaults write /Library/Preferences/com.apple.locationmenu.plist ShowSystemServices -bool true

@ -0,0 +1,16 @@
#!/bin/bash
# CIS - Ensure Sending Diagnostic and Usage Data to Apple Is Disabled
# Part 1: System-level diagnostic settings
sudo /usr/bin/defaults write "/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist" AutoSubmit -bool false
sudo /usr/bin/defaults write "/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist" ThirdPartyDataSubmit -bool false
sudo /bin/chmod 644 "/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist"
sudo /usr/sbin/chgrp admin "/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist"
# Part 2: Per-user Siri data sharing opt-out
for username in $(dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
home_dir=$(dscl . -read "/Users/$username" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
if [ -d "$home_dir" ]; then
sudo -u "$username" /usr/bin/defaults write "$home_dir/Library/Preferences/com.apple.assistant.support" "Siri Data Sharing Opt-In Status" -int 2
fi
done

@ -0,0 +1,3 @@
#!/bin/bash
sudo /usr/sbin/spctl --master-enable

@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -eu
sudo security authorizationdb read system.preferences > /tmp/system.preferences.plist
defaults write /tmp/system.preferences.plist shared -bool false
sudo security authorizationdb write system.preferences < /tmp/system.preferences.plist
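
Review bot: The fixed path `/tmp/system.preferences.plist` is a predictable name in a world-writable directory, and its content is fed straight back into `security authorizationdb write` under `sudo`. Any local account can control that path before the script runs. Create the file with `mktemp` and remove it with a `trap 'rm -f "$tmpfile"' EXIT`, as the audit_control scripts in this change already do; as written the file is also left behind after the run.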

@ -0,0 +1,9 @@
#!/bin/bash
# Set corner action to 0 (no-op).
# If you wish to not comply with the policy, set any of them to 6.
/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-br-corner -integer 0
/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-bl-corner -integer 0
/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-tr-corner -integer 0
/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-tl-corner -integer 0
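
Review bot: `-u $USER` on all four lines depends on the environment of whatever launches the script. If `USER` is `root` the values are written to root's `com.apple.dock` domain and no real user's hot corners change, and if it is unset the unquoted expansion shifts the `sudo` arguments. Iterate over local accounts the way the other per-user scripts in this change do (`dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}'`), and quote the variable.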

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/bin/pmset -a powernap 0

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/bin/pmset -a womp 0

@ -0,0 +1,15 @@
#!/bin/bash
if [[ $(uname -m) == 'arm64' ]]; then
# Apple silicon
/usr/bin/sudo /usr/bin/pmset -a standby 900
/usr/bin/sudo /usr/bin/pmset -a destroyfvkeyonstandby 1
/usr/bin/sudo /usr/bin/pmset -a hibernatemode 25
else
# Intel
/usr/bin/sudo /usr/bin/pmset -a standbydelaylow 900
/usr/bin/sudo /usr/bin/pmset -a standbydelayhigh 900
/usr/bin/sudo /usr/bin/pmset -a highstandbythreshold 90
/usr/bin/sudo /usr/bin/pmset -a destroyfvkeyonstandby 1
/usr/bin/sudo /usr/bin/pmset -a hibernatemode 25
fi

@ -0,0 +1,7 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
# For Testing: After the above command executed:
# This will stop the service: /usr/bin/sudo /bin/launchctl stop com.apple.auditd
# This will start the service: /usr/bin/sudo /bin/launchctl start com.apple.auditd

@ -0,0 +1,12 @@
#!/bin/bash
# CIS - Ensure Security Auditing Flags Are Configured Per Local Organizational Requirements
# Sets audit flags to: -fm,ad,-ex,aa,-fr,lo,-fw
AUDIT_CONTROL="/etc/security/audit_control"
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT
cp "$AUDIT_CONTROL" "$tmpfile"
origFlags=$(grep 'flags:' "$tmpfile" | grep -v 'naflags')
sed "s/${origFlags}/flags:-fm,ad,-ex,aa,-fr,lo,-fw/" "$tmpfile" | sudo tee "$AUDIT_CONTROL" > /dev/null
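
Review bot: The pipeline on the last line can leave `/etc/security/audit_control` empty. If `grep` finds no `flags:` line, `origFlags` is empty and `sed` fails on the empty pattern, but `tee` has already truncated the target, and without `set -o pipefail` the script still exits 0. `origFlags` is also interpolated into the `sed` expression as an unescaped regular expression and may hold more than one line. Match the line directly, for example `sed -E 's/^flags:.*/flags:-fm,ad,-ex,aa,-fr,lo,-fw/'`, write the result to the temp file, confirm it is non-empty, and only then copy it over the original.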

@ -0,0 +1,11 @@
#!/bin/bash
# CIS - Ensure install.log Is Retained for 365 or More Days
# Removes any all_max= setting from /etc/asl/com.apple.install
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT
# Remove all_max= entries (both M and G suffixes)
sudo sed -E 's/all_max=[0-9]+[MG]//g' /etc/asl/com.apple.install > "$tmpfile"
sudo cp "$tmpfile" /etc/asl/com.apple.install
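
Review bot: Nothing in this script sets or checks a retention period. It only strips `all_max=` from `/etc/asl/com.apple.install`, so the 365-day requirement in the title depends on a `ttl` value the script never looks at. Add the `ttl` handling here or say in the header where it is enforced. The `cp` on the last line also runs when `sed` has failed and left `$tmpfile` empty; check the exit status and file size before overwriting.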

@ -0,0 +1,23 @@
#!/bin/bash
# CIS - Ensure Security Auditing Retention Is Configured
# Sets audit retention to: expire-after:60d OR 5G
AUDIT_CONTROL="/etc/security/audit_control"
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT
cp "$AUDIT_CONTROL" "$tmpfile"
origExpire=$(grep 'expire-after' "$tmpfile")
sed "s/${origExpire}/expire-after:60d OR 5G/" "$tmpfile" | sudo tee "$AUDIT_CONTROL" > /dev/null
# Explanation:
# In your /etc/security/audit_control, look for a line starting at: expire-after
# SHOULD PASS: expire-after:60d OR 5G
# SHOULD PASS: expire-after:61d OR 5G
# SHOULD PASS: expire-after:60d OR 6G
# SHOULD PASS: expire-after:61d OR 6G
# SHOULD FAIL: expire-after:60d (no size component)
# SHOULD FAIL: expire-after:5G (no time component)
# SHOULD FAIL: expire-after:59d OR 5G
# SHOULD FAIL: expire-after:60d OR 4G
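
Review bot: `grep 'expire-after'` is unanchored, so it also matches a commented-out line or returns several lines, and the result is then used unescaped as the `sed` pattern. When no `expire-after` line exists the substitution cannot add one, and because `tee` truncates `$AUDIT_CONTROL` before `sed` has produced output, a failed `sed` leaves the file empty while the script exits 0. Anchor the match on `^expire-after:`, append the line when it is absent, and build the new content in the temp file before replacing the original.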

@ -0,0 +1,7 @@
#!/bin/bash
/usr/bin/sudo /usr/sbin/chown -R root:wheel /etc/security/audit_control
/usr/bin/sudo /bin/chmod -R o-rw /etc/security/audit_control
/usr/bin/sudo /usr/sbin/chown -R root:wheel /var/audit/
/usr/bin/sudo /bin/chmod -R o-rw /var/audit/

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
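
Review bot: This script uses the legacy `launchctl unload -w` with a plist path, while the other service-disabling scripts in this change use `launchctl disable system/<label>`. Use one form throughout so the matching policy query can check every service the same way, and so the script does not return an error when the daemon is simply not loaded.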

@ -0,0 +1,4 @@
#!/bin/bash
/usr/bin/sudo /bin/launchctl disable system/com.apple.nfsd
/usr/bin/sudo /bin/rm /etc/exports
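
Review bot: `/bin/rm /etc/exports` on the last line returns an error when the file does not exist, which is the expected state on a host that never exported anything, so a compliant machine reports a failed remediation. Use `rm -f`, or test for the file first.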

@ -0,0 +1,5 @@
#!/bin/bash
for i in $(/usr/bin/sudo dscl . list /Users | grep -v "^_"); do
/usr/bin/sudo /bin/chmod -R og-rwx /Users/"$i"
done
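
Review bot: The account list is too broad and the home path is assumed. `dscl . list /Users | grep -v "^_"` still returns system accounts such as `root`, `daemon` and `nobody`, and `/Users/"$i"` is used without reading `NFSHomeDirectory`, so the loop runs a recursive `chmod` against paths that may not exist or may not be that account's home. Reuse the `UniqueID >= 500` filter and the `NFSHomeDirectory` lookup from the other per-user scripts in this change, and skip accounts whose home directory is missing.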

@ -0,0 +1,9 @@
#!/bin/bash
# CIS - Ensure No World Writable Folders Exist in the Applications Folder
IFS=$'\n'
for apps in $(/usr/bin/find /Applications -iname "*.app" -type d -perm -2); do
sudo /bin/chmod -R o-w "$apps"
done
unset IFS

@ -0,0 +1,9 @@
#!/bin/bash
# CIS - Ensure No World Writable Folders Exist in the System Folder
IFS=$'\n'
for sysPermissions in $(/usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "Drop Box"); do
sudo /bin/chmod -R o-w "$sysPermissions"
done
unset IFS

@ -0,0 +1,9 @@
#!/bin/bash
# CIS - Ensure No World Writable Folders Exist in the Library Folder
IFS=$'\n'
for libPermissions in $(/usr/bin/find /System/Volumes/Data/Library -type d -perm -2 | /usr/bin/grep -v Caches | /usr/bin/grep -v /Preferences/Audio/Data); do
sudo /bin/chmod -R o-w "$libPermissions"
done
unset IFS

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /bin/rm -R /Users/Guest
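
Review bot: `rm -R /Users/Guest` fails when the directory is already absent, so the script is not idempotent. Add `-f` or wrap the call in a `[ -d /Users/Guest ]` test.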

@ -0,0 +1,17 @@
#!/bin/bash
# CIS - Ensure a Separate Timestamp Is Not Used for Each User-tty Combo
# Sets sudo timeout to 0 (require password every time).
SUDOERS_FILE="/etc/sudoers.d/CIS_54_sudoconfiguration"
echo 'Defaults timestamp_timeout=0' | sudo tee "$SUDOERS_FILE" > /dev/null
sudo /bin/chmod 0440 "$SUDOERS_FILE"
sudo /usr/sbin/chown root:wheel "$SUDOERS_FILE"
# Validate syntax
if ! sudo /usr/sbin/visudo -cf "$SUDOERS_FILE"; then
echo "ERROR: sudoers syntax check failed. Removing invalid configuration."
sudo /bin/rm -f "$SUDOERS_FILE"
exit 1
fi
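
Review bot: The title comment contradicts the script. It says "Ensure a Separate Timestamp Is Not Used for Each User-tty Combo", while the file name `CIS_54_sudoconfiguration`, the second comment line and `Defaults timestamp_timeout=0` are all about the sudo timeout period. Retitle it so it is not confused with the `timestamp_type=tty` script added alongside it.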

@ -0,0 +1,17 @@
#!/bin/bash
# CIS - Ensure a Separate Timestamp Is Used for Each User-tty Combo
# Sets sudo timestamp_type to tty (per-terminal authentication).
SUDOERS_FILE="/etc/sudoers.d/CIS_55_sudoconfiguration"
echo 'Defaults timestamp_type=tty' | sudo tee "$SUDOERS_FILE" > /dev/null
sudo /bin/chmod 0440 "$SUDOERS_FILE"
sudo /usr/sbin/chown root:wheel "$SUDOERS_FILE"
# Validate syntax
if ! sudo /usr/sbin/visudo -cf "$SUDOERS_FILE"; then
echo "ERROR: sudoers syntax check failed. Removing invalid configuration."
sudo /bin/rm -f "$SUDOERS_FILE"
exit 1
fi
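
Review bot: Syntax validation happens after the file is already live in `/etc/sudoers.d`, and the file sits there with default permissions until the `chmod` and `chown` run. Write the line to a `mktemp` file, run `visudo -cf` on that, and only then install it with its final mode and owner in one step (for example `install -m 0440 -o root -g wheel`). The same ordering applies to the `timestamp_timeout` script.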

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/sbin/dsenableroot -d

@ -0,0 +1,3 @@
#!/bin/bash
/usr/bin/sudo /usr/bin/security authorizationdb write system.login.screensaver use-login-window-ui

@ -0,0 +1,5 @@
#!/bin/bash
echo "Content of the banner" | sudo tee /Library/Security/PolicyBanner.txt
/usr/bin/sudo /usr/sbin/chown root:wheel /Library/Security/PolicyBanner.txt
/usr/bin/sudo /bin/chmod o+r /Library/Security/PolicyBanner.txt
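
Review bot: `echo "Content of the banner"` deploys the literal placeholder string as the login banner. Take the text from a clearly marked variable at the top of the script and document that it must be replaced before use. `tee` without a redirect also echoes the banner into the script output (the sudoers scripts add `> /dev/null`), and `chmod o+r` only adds one bit, so setting an explicit mode would make the resulting permissions predictable.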

@ -0,0 +1,11 @@
#!/bin/bash
# CIS - Ensure Show All Filename Extensions Setting is Enabled
# Applies AppleShowAllExtensions for all local user accounts.
for username in $(dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
home_dir=$(dscl . -read "/Users/$username" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
if [ -d "$home_dir" ]; then
/usr/bin/sudo -u "$username" /usr/bin/defaults write "$home_dir/Library/Preferences/.GlobalPreferences.plist" AppleShowAllExtensions -bool true
fi
done

@ -0,0 +1,12 @@
#!/bin/bash
# CIS - Ensure Safari Advertising Privacy Protection Is Enabled
# Applies privateClickMeasurementEnabled for all local user accounts.
for username in $(dscl . -list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
home_dir=$(dscl . -read "/Users/$username" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
pref_path="$home_dir/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari"
if [ -d "$home_dir" ]; then
/usr/bin/sudo -u "$username" /usr/bin/defaults write "$pref_path" WebKitPreferences.privateClickMeasurementEnabled -bool true
fi
done

@ -0,0 +1,45 @@
# macOS 14 Sonoma benchmark
Fleet's policies have been written against v2.1.0 of the benchmark. You can refer to the [CIS website](https://www.cisecurity.org/cis-benchmarks) for full details about this version.
For requirements and usage details, see the [CIS Benchmarks](https://fleetdm.com/docs/using-fleet/cis-benchmarks) documentation.
### Contents
| Folder | Description |
|--------|-------------|
| `policies/` | GitOps-compatible policy YAML — import via `fleetctl apply` or reference with `- path:` in `fleet.yml` |
| `configuration-profiles/` | Apple `.mobileconfig` profiles — upload via Fleet UI or `fleetctl apply` to enforce the settings checked by the policies |
| `scripts/` | Shell scripts — upload via Fleet UI or `fleetctl apply` and link as `run_script` remediation in the corresponding policy |
### Limitations
The following CIS benchmarks cannot be checked with a policy in Fleet:
1. 2.1.2 Audit App Store Password Settings
2. 2.3.3.12 Ensure Computer Name Does Not Contain PII or Protected Organizational Information
3. 2.6.6 Audit Lockdown Mode
4. 2.11.2 Audit Touch ID and Wallet & Apple Pay Settings
5. 2.13.1 Audit Passwords System Preference Setting
6. 2.14.1 Audit Notification & Focus Settings
7. 3.7 Audit Software Inventory
8. 6.2.1 Ensure Protect Mail Activity in Mail Is Enabled
### Checks that require decision
CIS has left the parameters of the following checks up to the benchmark implementer. CIS recommends that an organization make a conscious decision for these benchmarks, but does not make a specific recommendation.
Fleet has provided both an "enabled" and "disabled" version of these benchmarks. When both policies are added, at least one will fail. Once your organization has made a decision, you can delete one or the other policy.
The policy will be appended with a `-enabled` or `-disabled` label, such as `2.1.1.1-enabled`.
- 2.1.1.1 Audit iCloud Keychain
- 2.1.1.2 Audit iCloud Drive
- 2.5.1 Audit Siri
- 2.8.1 Audit Universal Control
Furthermore, CIS has decided to not require the following password complexity settings:
- 5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured
- 5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured
- 5.2.5 Ensure Complex Password Must Contain Special Character Is Configured
- 5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured
However, Fleet has provided these as policies. If your organization declines to implement these, simply delete the corresponding policies.

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.2.check</string>
<key>PayloadUUID</key>
<string>4DC539B5-837E-4DC3-B60B-43A8C556A8F0</string>
<key>AutomaticCheckEnabled</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Auto Update Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.2</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>03E69A02-02CE-4CA0-8F17-3BAAD5D3852F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
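
Review bot: `PayloadDescription` and the inner `PayloadDisplayName` are both the placeholder `test`, which is what an administrator sees when inspecting the installed profile. Replace them with text describing the setting, as the outer display name "Ensure Auto Update Is Enabled" already does. The same placeholder appears in the other profiles added in this change.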

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.3.check</string>
<key>PayloadUUID</key>
<string>5FDE6D58-79CD-447A-AFB0-BA32D889C396</string>
<key>AutomaticDownload</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Download New Updates When Available Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.3</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>0A1C2F97-D6FA-4CDB-ABB6-47DF2B151F4F</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.4.check</string>
<key>PayloadUUID</key>
<string>15BF7634-276A-411B-8C4E-52D89B4ED82C</string>
<key>AutomaticallyInstallMacOSUpdates</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install of macOS Updates Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.4</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>7DB8733E-BD11-4E88-9AE0-273EF2D0974B</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.5.check</string>
<key>PayloadUUID</key>
<string>6B0285F8-5DB8-4F68-AA6E-2333CCD6CE04</string>
<key>AutomaticallyInstallAppUpdates</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install Application Updates from the App Store Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.5</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>1C4C0EC4-64A7-4AF0-8807-A3DD44A6DC76</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6.check</string>
<key>PayloadUUID</key>
<string>0D8F676A-A705-4F57-8FF8-3118360EFDEB</string>
<key>ConfigDataInstall</key>
<true/>
<key>CriticalUpdateInstall</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Install Security Responses and System Files Is Enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>EBEE9B81-9D33-477F-AFBE-9691360B7A74</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.7.check</string>
<key>PayloadUUID</key>
<string>123FD592-D1C3-41FD-BC41-F91F3E1E2CF4</string>
<key>enforcedSoftwareUpdateDelay</key>
<integer>29</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
<key>PayloadIdentifier</key>
<string>com.zwass.cis-1.7</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>385A0C13-2472-41B3-851C-1311FA12EB49</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
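
Review bot: The top-level `PayloadIdentifier` is `com.zwass.cis-1.7`, while the inner payload uses `com.fleetdm.cis-1.7.check` and the other profiles in this change use the `com.fleetdm.` prefix throughout. This looks like a leftover personal namespace; change it to `com.fleetdm.cis-1.7` so the profile is identified consistently with the rest of the set.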

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.1.check-enable</string>
<key>PayloadUUID</key>
<string>68D8C498-FB81-4262-9EF4-E689B5A6B40F</string>
<key>allowCloudKeychainSync</key>
<true/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Ensure iCloud Keychain is enabled</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.1-enable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>EE1BA83A-E145-4F5B-9597-836DC357BBE7</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
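
Review bot: `allowCloudKeychainSync` set to `true` is a restriction left open: it permits iCloud Keychain but does not turn it on, so the display name "Ensure iCloud Keychain is enabled" overstates what the profile does. Rename it to something like "Allow iCloud Keychain" and make sure the paired `-enabled` policy is not documented as being remediated by this profile.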

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2.check-disable</string>
<key>PayloadUUID</key>
<string>1028E002-9AFE-446A-84E0-27DA5DA39B4A</string>
<key>allowCloudDocumentSync</key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string>Disable iCloud Drive storage solution usage</string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-2.1.1.2-disable</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>7B3DE4EA-0AFA-44F5-9716-37526EE441EA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

Some files were not shown because too many files have changed in this diff.