| Name | Mac OS X Benchmark v2.0 |
| Version | Version 2.0 |
| Status | Final |
| Creation Date | 2006-10-16 |
| Revision Date | 2006-10-16 |
| Product Category | Operating System |
| Vendor | Apple Computer, Inc |
| Product | Macintosh OS X |
| Product Version | 10.3 "Panther" |
| Product Role | Desktop Operating System |
| Checklist Summary | This CIS Benchmark document is designed to provide novice and above level users with clear guidance for securing Mac OS X Panther. The benchmark guides a user or administrator, from the point of installation (after updates), through the process of securing a Mac OS X workstation. This benchmark implements best practices and techniques through a combination of scripting and user interface security steps to achieve the strict end goal of a secure, functional end-user device (rather than a server). |
| Known Issues | |
| Target Audience | |
| Target Operational Environment | Enterprise/SOHO/Home |
| Checklist Installation Tools | Not Available |
| Rollback Capability | Not Available |
| Testing Information | Not Available |
| NIAP/CMVP Status | |
| Regulatory Compliance | |
| Comments, Warnings, Disclaimer, Miscellaneous | |
| Disclaimer | Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at: http://www.cisecurity.org/sub_form.html |
| Product Support | |
| Submitting Organization/Authors | The Center for Internet Security (CIS) |
| Point of Contact | cis-feedback@cisecurity.org |
| Sponsor | |
| Licensing | Differs for Public and Private consumers, please read licensing information from the CIS web site located at: http://www.cisecurity.org/sub_form.html |
| Checklist Homepage | http://www.cisecurity.org/ |
| Download Package | http://www.cisecurity.org/sub_form.html |
| Integrity | sha1 (CIS_OSX_10.4_Benchmark_v2.0.pdf) = 72f2cac4449b4cc5591bb6267ef35cd18dd111d2
sha256 (CIS_OSX_10.4_Benchmark_v2.0.pdf) = 2ffc235a7bde332c0c57ea5e4bf46500d779beef043c238e2c294017ff1d69d1 |
| Change History | Version 1.02: August 18, 2005:
- Typos, punctuation, etc… fixes
- Rewrote the login warning banner section to remove references to the BootPanel.pdf. Made a mention of the .nib file that can also be changed, but that such a change is outside the scope of the benchmark. Note that this removed a figure, so redid the TOC and TOF.
- Added some text to the UID 0 section.
- Removed references to ‘CONFIGSERVER’ in /etc/hostconfig. I believe this was valid in 10.0 and/or 10.1, but I can’t find any references to it in Panther or Tiger.
- Added text to refer to VPNSERVER.
- Added reference for COREDUMPS (/etc/hostconfig) to the section that discusses coredumps.
Version 2.0: 2006-10-16 |
| Dependency/Requirement | |
| References |
- NSA Mac OS X hardening guide - http://www.nsa.gov/snac/downloads_macX.cfm?MenuID=scg10.3.1.1.
- Apple Product Security - http://www.apple.com/support/security/.
- Apple Mac OS X Security Updates - http://docs.info.apple.com/article.html?artnum=61798.
- Apple Mac OS X Common Criteria Guide and Tools - http://www.apple.com/support/security/commoncriteria/
- Corsaire hardening guide for Mac OS X: http://www.corsaire.com/white-papers/040622-securing-mac-os-x.pdf.
- Shmoo group MacSecurity site - http://www.macsecurity.org.
- AFP548.com - http://www.afp548.com. They have a lot of useful information, including security tidbits.
- MacEnterprise.org - http://macenterprise.org/. Site dedicated to Mac OS X in the Enterprise setting.
|
| NIST Identifier | 1104 |