This document provides a high-level view of the changes to the macOS Security Compliance Project.
-
Rules
-
Added Rules
-
icloud_private_relay_disable
-
os_recovery_lock_enable
-
os_skip_unlock_with_watch_enable
-
os_ssh_fips_compliant
-
os_sshd_fips_compliant
-
sysprefs_airplay_receiver_disable
-
-
Modified Rules
-
auth_ssh_password_authentication_disable
-
os_directory_services_configured
-
os_prohibit_remote_activation_collab_devices
-
sysprefs_ssh_disable
-
sysprefs_ssh_enable
-
-
Deleted Rules
-
os_ssh_fips_140_ciphers
-
os_ssh_fips_140_macs
-
os_sshd_fips_140_ciphers
-
os_sshd_fips_140_macs
-
-
Updated existing rules rules to reflect 12.0
-
Updated CCEs to existing rules
-
Bug fixes
-
-
Baselines
-
Added CIS v8
-
Modified existing baselines
-
Added author field
-
-
-
Scripts
-
generate_guidanace
-
Bug fixes
-
Added architecture check
-
Updated support for author & scope sections
-
When generating SCAP content, pdf file will no longer be created
-
-
generate_baseline
-
Bug fixes
-
Rules are now sorted alphabetically
-
Added support for author field in baselines
-
-
yaml-to-oval
-
Bug fixes
-
-
-
SCAP
-
Renames datastream.xml to match macOS version and guidance version
-
Includes SCAP profiles for all supported baselines
-