Download
| Alert*
|
oval:org.secpod.oval:def:85891
The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network. oval:org.secpod.oval:def:85867 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:85911 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:85923 When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk. oval:org.secpod.oval:def:85878 The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. oval:org.secpod.oval:def:85896 Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to chang ... oval:org.secpod.oval:def:85864 This setting allows macOS updates to be installed automatically once they are available from Apple. Because patches need to be applied as soon as possible, allowing for automatic updates ensures that the users device is updated in a timely manner rather than be left vulnerable to additional security ... oval:org.secpod.oval:def:85894 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that deter ... oval:org.secpod.oval:def:85916 Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and p ... oval:org.secpod.oval:def:85909 The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one fact ... oval:org.secpod.oval:def:85862 Automatically checking for updates makes it easier for the user to know when updates are available. It is important that a system has the newest updates applied to prevent unauthorized persons from exploiting identified vulnerabilities. oval:org.secpod.oval:def:85886 The system must allow only applications downloaded from the App Store to run. Gatekeeper settings must be configured correctly to only allow the system to run applications downloaded from the Mac App Store. Administrator users will still have the option to override these settings on a per app basis. ... oval:org.secpod.oval:def:85905 Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints. |
