CIS Apple macOS 12.0 Monterey Benchmark 3.0.0 Checklist Details

Target:

Target: Apple macOS 12.0 (Monterey)
CPE Name: cpe:/o:apple:macos:12.0

Checklist Highlights

Checklist Name:
CIS Apple macOS 12.0 Monterey Benchmark
Checklist ID:
1101
Version:
3.0.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
10/16/2023

Checklist Summary:

This document, CIS Apple macOS 12.0 Monterey Benchmark, provides prescriptive guidance for establishing a secure configuration posture for Apple macOS 12.0 Monterey. This guide was tested against Apple macOS 12.0 Monterey. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org.

This Benchmark includes instructions for auditing and remediation using three different methods: Graphical User Interface (GUI), Command Line Interface using Terminal (CLI), and Configuration Profiles. These may be used to evaluate current configuration status and make changes as desired. In most cases, all methods are supported by the Operating System, and it is up to organizational implementation personnel to decide how best to implement them. Some recommendations can only be managed through one of these methods. Each organization must decide whether control management outside its standard process is required if no solution is possible through its chosen method of implementation.

It is best practice at this time for Enterprise-managed devices to use profiles for management. A mix of both profile device management and command line hardening scripts will be the most comprehensive solution. With the functionality of mobile configuration profiles, several recommendations have been updated. Any recommendation that is user-specific but has a profile that sets a system-wide setting is compliant only with the profile installed. Any user-specific settings have been moved to the Additional Information section but will no longer pass the audit.

More profile information:
https://developer.apple.com/documentation/devicemanagement
https://developer.apple.com/documentation/devicemanagement/configuring_multiple_devices_using_profiles

Organizations that are using profiles should remember that a profile can limit what, if any, settings can be changed based on the profile payload. Even authorized organization technical personnel may not be able to change a setting with a profile in place. If technical personnel are expected to make changes that are contrary to profile settings, the profile may need to be reviewed in order to verify which accounts and what conditions apply, or a process to temporarily remove the profile should be in place.

Checklist Role:

  • Operating System

Known Issues:

Not provided.

Target Audience:

This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Apple macOS 12.0.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 2/26/24
updated status to FINAL - 3/28/24

NIST checklist record last modified on 03/28/2024