diff --git a/ee/cis/macos-13/cis-policy-queries.yml b/ee/cis/macos-13/cis-policy-queries.yml
index e5efb926d4..91edff7aa1 100644
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@@ -1508,4 +1508,35 @@ spec:
     );
   purpose: Informational
   tags: compliance, CIS, CIS_Level1, CIS5.7
-  contributors: lucasmrod
\ No newline at end of file
+  contributors: lucasmrod
+---
+apiVersion: v1
+kind: policy
+spec:
+  name: CIS - Ensure Show All Filename Extensions Setting is Enabled
+  platforms: macOS
+  platform: darwin
+  description: |
+    A filename extension is a suffix added to a base filename that indicates the base filename's
+    file format. Visible filename extensions allow the user to identify the file type and the
+    application it is associated with which leads to quick identification of misrepresented malicious files.
+  resolution: |
+    Automated method:
+    Ask your system administrator to deploy a script that will ensure Show All Filename Extensions Setting is Enabled
+        For each user run:
+        /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool true
+  query: |
+    SELECT 1 WHERE NOT EXISTS (
+      SELECT 1 FROM users AS u
+      LEFT JOIN (
+        SELECT * FROM plist WHERE
+          path LIKE '/Users/%/Library/Preferences/.GlobalPreferences.plist' AND
+          key = 'AppleShowAllExtensions' AND
+          value = '1') AS p
+      ON p.path = CONCAT(u.directory, '/Library/Preferences/.GlobalPreferences.plist')
+        WHERE u.directory LIKE '/Users/%' AND
+        p.value IS NULL
+    );
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level1, CIS6.1.1
+  contributors: artemist-work
diff --git a/ee/cis/macos-13/test/scripts/CIS_6.1.1.sh b/ee/cis/macos-13/test/scripts/CIS_6.1.1.sh
new file mode 100755
index 0000000000..2b2bdc687e
--- /dev/null
+++ b/ee/cis/macos-13/test/scripts/CIS_6.1.1.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+
+# For QA: Replace <username> with your test user
+/usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool true