diff --git a/.gitignore b/.gitignore
index 254d3ed74..6de8f7e61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@
 .bundle
 bin
 mscp_gems
+docs/node_modules/
+docs/.astro/
+docs/package-lock.json
diff --git a/baselines/nlmapgov_base.yaml b/baselines/nlmapgov_base.yaml
new file mode 100644
index 000000000..dbbad4be9
--- /dev/null
+++ b/baselines/nlmapgov_base.yaml
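Review bot: Ignoring `docs/package-lock.json` in the added lines leaves the docs site's npm dependency tree unpinned, so each install can resolve different package versions and there are no recorded integrity hashes to compare against. If the site under `docs/` is built or published from CI, I would drop the `+docs/package-lock.json` line, commit the lockfile and install with `npm ci`. The `docs/node_modules/` and `docs/.astro/` entries are fine to ignore.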
@@ -0,0 +1,67 @@
+title: "macOS 15.0: Security Configuration - NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base)"
+description: |
+ This guide describes the actions to take when securing a macOS 15.0 system against the NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base) security baseline.
+authors: |
+ *macOS Security Compliance Project*
+
+ |===
+ |Jordy Witteman|Root3
+ |===
+parent_values: "nlmapgov_base"
+profile:
+ - section: "auditing"
+ rules:
+ - audit_acls_files_configure
+ - audit_acls_folders_configure
+ - audit_auditd_enabled
+ - audit_control_acls_configure
+ - audit_control_group_configure
+ - audit_control_mode_configure
+ - audit_control_owner_configure
+ - audit_files_group_configure
+ - audit_files_mode_configure
+ - audit_files_owner_configure
+ - audit_flags_ad_configure
+ - audit_folder_group_configure
+ - audit_folder_owner_configure
+ - audit_folders_mode_configure
+ - audit_retention_configure
+ - section: "macos"
+ rules:
+ - os_anti_virus_installed
+ - os_config_data_install_enforce
+ - os_gatekeeper_enable
+ - os_mdm_require
+ - os_safari_open_safe_downloads_disable
+ - os_sip_enable
+ - os_sudo_log_enforce
+ - os_time_server_enabled
+ - section: "passwordpolicy"
+ rules:
+ - pwpolicy_minimum_length_enforce
+ - section: "systemsettings"
+ rules:
+ - system_settings_automatic_login_disable
+ - system_settings_critical_update_install_enforce
+ - system_settings_filevault_enforce
+ - system_settings_find_my_disable
+ - system_settings_gatekeeper_identified_developers_allowed
+ - system_settings_gatekeeper_override_disallow
+ - system_settings_guest_account_disable
+ - system_settings_install_macos_updates_enforce
+ - system_settings_loginwindow_loginwindowtext_enable
+ - system_settings_software_update_app_update_enforce
+ - system_settings_software_update_download_enforce
+ - system_settings_software_update_enforce
+ - system_settings_softwareupdate_current
+ - system_settings_time_server_configure
+ - system_settings_time_server_enforce
+ - section: "Inherent"
+ rules:
+ - os_secure_enclave
+ - section: "Permanent"
+ rules:
+ - audit_off_load_records
+ - section: "Supplemental"
+ rules:
+ - supplemental_filevault
diff --git a/baselines/nlmapgov_plus.yaml b/baselines/nlmapgov_plus.yaml
new file mode 100644
index 000000000..54237910d
--- /dev/null
+++ b/baselines/nlmapgov_plus.yaml
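Review bot: The `title` and `description` of this new baseline say `macOS 15.0`, while every rule file tagged in this same diff carries `macOS: - '26.0'` and `includes/mscp-data.yaml` names the STIG as macOS 26 (Tahoe); `baselines/nlmapgov_plus.yaml` has the same wording. The `authors` table also lists only Jordy Witteman, whereas the `nlmapgov_base` and `nlmapgov_plus` entries added to `mscp-data.yaml` list two names. Both suggest the files were generated on another OS branch. Regenerating them here, or changing the text to `macOS 26.0`, would keep generated guidance from being labelled for the wrong OS release.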
@@ -0,0 +1,118 @@ +title: "macOS 15.0: Security Configuration - NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus)" +description: | + This guide describes the actions to take when securing a macOS 15.0 system against the NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus) security baseline. +authors: | + *macOS Security Compliance Project* + + |=== + |Jordy Witteman|Root3 + |=== +parent_values: "nlmapgov_plus" +profile: + - section: "auditing" + rules: + - audit_acls_files_configure + - audit_acls_folders_configure + - audit_auditd_enabled + - audit_control_acls_configure + - audit_control_group_configure + - audit_control_mode_configure + - audit_control_owner_configure + - audit_files_group_configure + - audit_files_mode_configure + - audit_files_owner_configure + - audit_flags_ad_configure + - audit_folder_group_configure + - audit_folder_owner_configure + - audit_folders_mode_configure + - audit_retention_configure + - section: "icloud" + rules: + - icloud_drive_disable + - icloud_keychain_disable + - icloud_sync_disable + - section: "macos" + rules: + - os_anti_virus_installed + - os_authenticated_root_enable + - os_config_data_install_enforce + - os_external_storage_access_defined + - os_gatekeeper_enable + - os_home_folders_secure + - os_httpd_disable + - os_install_log_retention_configure + - os_mdm_require + - os_nfsd_disable + - os_on_device_dictation_enforce + - os_password_hint_remove + - os_password_proximity_disable + - os_password_sharing_disable + - os_rapid_security_response_removal_disable + - os_root_disable + - os_safari_advertising_privacy_protection_enable + - os_safari_open_safe_downloads_disable + - os_safari_prevent_cross-site_tracking_enable + - os_safari_show_full_website_address_enable + - os_safari_show_status_bar_enabled + - os_safari_warn_fraudulent_website_enable + - os_secure_boot_verify + - os_setup_assistant_filevault_enforce + - os_sip_enable + - os_sudo_log_enforce + - 
os_sudo_timeout_configure + - os_sudoers_timestamp_type_configure + - os_terminal_secure_keyboard_enable + - os_tftpd_disable + - os_time_server_enabled + - os_unlock_active_user_session_disable + - section: "passwordpolicy" + rules: + - pwpolicy_minimum_length_enforce + - section: "systemsettings" + rules: + - system_settings_automatic_login_disable + - system_settings_critical_update_install_enforce + - system_settings_diagnostics_reports_disable + - system_settings_filevault_enforce + - system_settings_find_my_disable + - system_settings_firewall_enable + - system_settings_firewall_stealth_mode_enable + - system_settings_gatekeeper_identified_developers_allowed + - system_settings_gatekeeper_override_disallow + - system_settings_guest_account_disable + - system_settings_improve_assistive_voice_disable + - system_settings_improve_search_disable + - system_settings_improve_siri_dictation_disable + - system_settings_install_macos_updates_enforce + - system_settings_internet_sharing_disable + - system_settings_loginwindow_loginwindowtext_enable + - system_settings_media_sharing_disabled + - system_settings_password_hints_disable + - system_settings_personalized_advertising_disable + - system_settings_printer_sharing_disable + - system_settings_rae_disable + - system_settings_remote_management_disable + - system_settings_screen_sharing_disable + - system_settings_screensaver_ask_for_password_delay_enforce + - system_settings_screensaver_password_enforce + - system_settings_screensaver_timeout_enforce + - system_settings_smbd_disable + - system_settings_software_update_app_update_enforce + - system_settings_software_update_download_enforce + - system_settings_software_update_enforce + - system_settings_softwareupdate_current + - system_settings_ssh_disable + - system_settings_system_wide_preferences_configure + - system_settings_time_machine_encrypted_configure + - system_settings_time_server_configure + - system_settings_time_server_enforce + - section: "Inherent" + 
rules: + - os_secure_enclave + - section: "Permanent" + rules: + - audit_off_load_records + - os_provide_automated_account_management + - section: "Supplemental" + rules: + - supplemental_filevault diff --git a/includes/mscp-data.yaml b/includes/mscp-data.yaml index 32c575d56..3c540772a 100644 --- a/includes/mscp-data.yaml +++ b/includes/mscp-data.yaml @@ -77,6 +77,14 @@ authors: - Allen Golbig|Jamf - Bob Gendler|National Institute of Standards and Technology - Aaron Kegerreis|Defense Information Systems Agency + nlmapgov_base: + names: + - Jordy Witteman|Root3 + - Aron van den Herik|Root3 + nlmapgov_plus: + names: + - Jordy Witteman|Root3 + - Aron van den Herik|Root3 titles: all_rules: All Rules 800-53r5_high: NIST SP 800-53 Rev 5 High Impact @@ -92,6 +100,8 @@ titles: cnssi-1253_moderate: Committee on National Security Systems Instruction No. 1253 (Moderate) cnssi-1253_high: Committee on National Security Systems Instruction No. 1253 (High) stig: Apple macOS 26 (Tahoe) STIG - Ver 1, Rel 1 + nlmapgov_base: NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (base) + nlmapgov_plus: NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus) ddm: supported_types: - com.apple.configuration.services.configuration-files diff --git a/rules/audit/audit_acls_files_configure.yaml b/rules/audit/audit_acls_files_configure.yaml index 93dc39298..a9acbfc66 100644 --- a/rules/audit/audit_acls_files_configure.yaml +++ b/rules/audit/audit_acls_files_configure.yaml @@ -46,6 +46,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -64,6 +66,8 @@ tags: - stig - cnssi-1253_moderate - cnssi-1253_high + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_acls_folders_configure.yaml b/rules/audit/audit_acls_folders_configure.yaml index 2d7f2b9b5..1d64f4ae7 100644 --- a/rules/audit/audit_acls_folders_configure.yaml 
+++ b/rules/audit/audit_acls_folders_configure.yaml @@ -46,6 +46,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -64,6 +66,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_auditd_enabled.yaml b/rules/audit/audit_auditd_enabled.yaml index 6bf5451f9..4d329b0ee 100644 --- a/rules/audit/audit_auditd_enabled.yaml +++ b/rules/audit/audit_auditd_enabled.yaml @@ -118,6 +118,8 @@ references: cmmc: - AU.L2-3.3.2 - AU.L2-3.3.6 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -136,6 +138,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_control_acls_configure.yaml b/rules/audit/audit_control_acls_configure.yaml index 437fa961c..3ac122e8c 100644 --- a/rules/audit/audit_control_acls_configure.yaml +++ b/rules/audit/audit_control_acls_configure.yaml @@ -45,6 +45,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -56,6 +58,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_control_group_configure.yaml b/rules/audit/audit_control_group_configure.yaml index a5ae0870d..a6f42be8e 100644 --- a/rules/audit/audit_control_group_configure.yaml +++ b/rules/audit/audit_control_group_configure.yaml @@ -45,6 +45,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -56,6 +58,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_control_mode_configure.yaml b/rules/audit/audit_control_mode_configure.yaml index ea20c0699..28a21d5c8 100644 --- a/rules/audit/audit_control_mode_configure.yaml 
+++ b/rules/audit/audit_control_mode_configure.yaml @@ -45,6 +45,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -56,6 +58,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_control_owner_configure.yaml b/rules/audit/audit_control_owner_configure.yaml index 4f7f95c30..0ebdc8de2 100644 --- a/rules/audit/audit_control_owner_configure.yaml +++ b/rules/audit/audit_control_owner_configure.yaml @@ -45,6 +45,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -56,6 +58,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_files_group_configure.yaml b/rules/audit/audit_files_group_configure.yaml index ea42c0951..d3de890c3 100644 --- a/rules/audit/audit_files_group_configure.yaml +++ b/rules/audit/audit_files_group_configure.yaml @@ -47,6 +47,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -65,6 +67,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_files_mode_configure.yaml b/rules/audit/audit_files_mode_configure.yaml index e6a67626e..8b63b524f 100644 --- a/rules/audit/audit_files_mode_configure.yaml +++ b/rules/audit/audit_files_mode_configure.yaml @@ -43,6 +43,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -61,6 +63,8 @@ tags: - cnssi-1253_high - cmmc_lvl2 - stig + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_files_owner_configure.yaml b/rules/audit/audit_files_owner_configure.yaml index 825a7932b..b49991bbb 100644 --- a/rules/audit/audit_files_owner_configure.yaml 
+++ b/rules/audit/audit_files_owner_configure.yaml @@ -47,6 +47,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -65,6 +67,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_flags_ad_configure.yaml b/rules/audit/audit_flags_ad_configure.yaml index ae796b6b2..62ea623ba 100644 --- a/rules/audit/audit_flags_ad_configure.yaml +++ b/rules/audit/audit_flags_ad_configure.yaml @@ -82,6 +82,8 @@ references: - AU.L2-3.3.3 - AU.L2-3.3.6 - SI.L2-3.14.3 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -100,6 +102,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_folder_group_configure.yaml b/rules/audit/audit_folder_group_configure.yaml index 29cf804da..a1a2d46bc 100644 --- a/rules/audit/audit_folder_group_configure.yaml +++ b/rules/audit/audit_folder_group_configure.yaml @@ -47,6 +47,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -65,6 +67,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_folder_owner_configure.yaml b/rules/audit/audit_folder_owner_configure.yaml index f32a9161e..ca5b37506 100644 --- a/rules/audit/audit_folder_owner_configure.yaml +++ b/rules/audit/audit_folder_owner_configure.yaml @@ -47,6 +47,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -65,6 +67,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_folders_mode_configure.yaml b/rules/audit/audit_folders_mode_configure.yaml index 269fde33f..17661fd7f 100644 --- a/rules/audit/audit_folders_mode_configure.yaml 
+++ b/rules/audit/audit_folders_mode_configure.yaml @@ -45,6 +45,8 @@ references: - 3.3 cmmc: - AU.L2-3.3.8 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -63,6 +65,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_off_load_records.yaml b/rules/audit/audit_off_load_records.yaml index 565ae21c7..c31decf71 100644 --- a/rules/audit/audit_off_load_records.yaml +++ b/rules/audit/audit_off_load_records.yaml @@ -29,6 +29,8 @@ references: - N/A controls v8: - 8.9 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -38,5 +40,7 @@ tags: - cnssi-1253_high - srg - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus mobileconfig: false mobileconfig_info: diff --git a/rules/audit/audit_retention_configure.yaml b/rules/audit/audit_retention_configure.yaml index 069aa8542..d23829d89 100644 --- a/rules/audit/audit_retention_configure.yaml +++ b/rules/audit/audit_retention_configure.yaml @@ -38,6 +38,8 @@ references: - AU.L2-3.3.1 800-171r3: - 03.03.03 + bio: + - 8.18.02 macOS: - '26.0' odv: @@ -46,6 +48,8 @@ odv: cis_lvl1: 60d OR 5G cis_lvl2: 60d OR 5G stig: 7d + nlmapgov_base: 180d + nlmapgov_plus: 180d tags: - 800-171 - 800-53r5_privacy @@ -63,6 +67,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: low mobileconfig: false mobileconfig_info: diff --git a/rules/icloud/icloud_drive_disable.yaml b/rules/icloud/icloud_drive_disable.yaml index cfcfbc77f..9b3319f02 100644 --- a/rules/icloud/icloud_drive_disable.yaml +++ b/rules/icloud/icloud_drive_disable.yaml @@ -48,6 +48,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -65,6 +67,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: 
diff --git a/rules/icloud/icloud_keychain_disable.yaml b/rules/icloud/icloud_keychain_disable.yaml index 3120ec266..d9e285d0a 100644 --- a/rules/icloud/icloud_keychain_disable.yaml +++ b/rules/icloud/icloud_keychain_disable.yaml @@ -48,6 +48,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -65,6 +67,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/icloud/icloud_sync_disable.yaml b/rules/icloud/icloud_sync_disable.yaml index 4eabfb942..f31f8135c 100644 --- a/rules/icloud/icloud_sync_disable.yaml +++ b/rules/icloud/icloud_sync_disable.yaml @@ -47,6 +47,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -65,6 +67,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_anti_virus_installed.yaml b/rules/os/os_anti_virus_installed.yaml index b66b82c44..0186ee53e 100644 --- a/rules/os/os_anti_virus_installed.yaml +++ b/rules/os/os_anti_virus_installed.yaml @@ -36,12 +36,19 @@ references: - 10.5 - 10.1 - 10.2 + bio: + - 8.07.01 + - 8.07.03 + - 8.07.04 + - 8.19.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus severity: "high" mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_authenticated_root_enable.yaml b/rules/os/os_authenticated_root_enable.yaml index 5feae9f00..0dca8f453 100644 --- a/rules/os/os_authenticated_root_enable.yaml +++ b/rules/os/os_authenticated_root_enable.yaml @@ -53,6 +53,8 @@ references: - AC.L1-3.1.1 - CM.L2-3.4.5 - SC.L2-3.13.11 + bio: + - 5.16.02 macOS: - '26.0' tags: @@ -72,6 +74,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: 
diff --git a/rules/os/os_config_data_install_enforce.yaml b/rules/os/os_config_data_install_enforce.yaml index 4ddce5572..6f01850aa 100644 --- a/rules/os/os_config_data_install_enforce.yaml +++ b/rules/os/os_config_data_install_enforce.yaml @@ -44,6 +44,9 @@ references: - SI.L1-3.14.1 - SI.L1-3.14.2 - SI.L1-3.14.4 + bio: + - 8.07.03 + - 8.19.01 macOS: - '26.0' tags: @@ -59,6 +62,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_external_storage_access_defined.yaml b/rules/os/os_external_storage_access_defined.yaml index e7831c460..8ec6eb4d8 100644 --- a/rules/os/os_external_storage_access_defined.yaml +++ b/rules/os/os_external_storage_access_defined.yaml @@ -25,10 +25,13 @@ references: - 03.08.07 cmmc: - MP.L2-3.8.7 - - MP.L2-3.8.8 + - MP.L2-3.8.8 + bio: + - 8.12 odv: hint: Allowed, ReadOnly, or Disallowed recommended: Allowed + nlmapgov_plus: ReadOnly macOS: - '26.0' tags: @@ -39,6 +42,7 @@ tags: - cnssi-1253_moderate - cnssi-1253_low - cnssi-1253_high + - nlmapgov_plus mobileconfig: false mobileconfig_info: ddm_info: diff --git a/rules/os/os_gatekeeper_enable.yaml b/rules/os/os_gatekeeper_enable.yaml index a84e3d0bf..0f98aa54a 100644 --- a/rules/os/os_gatekeeper_enable.yaml +++ b/rules/os/os_gatekeeper_enable.yaml @@ -51,6 +51,9 @@ references: - SI.L1-3.14.1 - SI.L1-3.14.2 - SI.L1-3.14.4 + bio: + - 8.07.01 + - 8.19.01 macOS: - '26.0' tags: @@ -69,6 +72,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: high mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_home_folders_secure.yaml b/rules/os/os_home_folders_secure.yaml index fa9d51b6c..d767f222e 100644 --- a/rules/os/os_home_folders_secure.yaml +++ b/rules/os/os_home_folders_secure.yaml @@ -43,6 +43,8 @@ references: - AC.L1-3.1.2 - AC.L2-3.1.5 - AC.L2-3.1.6 + bio: + - 8.27.01 macOS: - '26.0' tags: 
@@ -60,6 +62,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_httpd_disable.yaml b/rules/os/os_httpd_disable.yaml index b6e8ef7eb..cc926657d 100644 --- a/rules/os/os_httpd_disable.yaml +++ b/rules/os/os_httpd_disable.yaml @@ -50,6 +50,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -69,6 +71,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_install_log_retention_configure.yaml b/rules/os/os_install_log_retention_configure.yaml index d022ab542..fadb09b64 100644 --- a/rules/os/os_install_log_retention_configure.yaml +++ b/rules/os/os_install_log_retention_configure.yaml @@ -38,6 +38,8 @@ references: - 8.3 cmmc: - AU.L2-3.3.1 + bio: + - 8.19.01 macOS: - '26.0' odv: @@ -46,6 +48,7 @@ odv: cis_lvl1: 365 cis_lvl2: 365 stig: 365 + nlmapgov_plus: 365 tags: - cis_lvl1 - cis_lvl2 @@ -55,6 +58,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_mdm_require.yaml b/rules/os/os_mdm_require.yaml index be96cbba3..1da2fe5f4 100644 --- a/rules/os/os_mdm_require.yaml +++ b/rules/os/os_mdm_require.yaml @@ -49,6 +49,10 @@ references: - 5.1 cmmc: - CM.L2-3.4.2 + bio: + - 8.01.01 + - 8.01.02 + - 8.09 macOS: - '26.0' tags: @@ -65,6 +69,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_nfsd_disable.yaml b/rules/os/os_nfsd_disable.yaml index 36cfd92c2..5bcbf5cd3 100644 --- a/rules/os/os_nfsd_disable.yaml +++ b/rules/os/os_nfsd_disable.yaml @@ -43,6 +43,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: 
@@ -62,6 +64,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_on_device_dictation_enforce.yaml b/rules/os/os_on_device_dictation_enforce.yaml index 31dc06607..b6d741917 100644 --- a/rules/os/os_on_device_dictation_enforce.yaml +++ b/rules/os/os_on_device_dictation_enforce.yaml @@ -46,6 +46,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -66,6 +68,7 @@ tags: - cis_lvl1 - cis_lvl2 - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_password_hint_remove.yaml b/rules/os/os_password_hint_remove.yaml index af1fe112a..eedbd414c 100644 --- a/rules/os/os_password_hint_remove.yaml +++ b/rules/os/os_password_hint_remove.yaml @@ -40,7 +40,9 @@ references: srg: - SRG-OS-000079-GPOS-00047 disa_stig: - - APPL-26-003014 + - APPL-15-003014 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -52,6 +54,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_password_proximity_disable.yaml b/rules/os/os_password_proximity_disable.yaml index e566ece10..70e745408 100644 --- a/rules/os/os_password_proximity_disable.yaml +++ b/rules/os/os_password_proximity_disable.yaml @@ -37,6 +37,8 @@ references: cmmc: - IA.L2-3.5.8 - IA.L2-3.5.9 + bio: + - 8.12 macOS: - '26.0' tags: @@ -53,6 +55,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_password_sharing_disable.yaml b/rules/os/os_password_sharing_disable.yaml index 4df5f7eb2..479144a57 100644 --- a/rules/os/os_password_sharing_disable.yaml +++ b/rules/os/os_password_sharing_disable.yaml @@ -37,6 +37,8 @@ references: - IA.L2-3.5.9 cci: - N/A + bio: + - 8.12 macOS: - '26.0' tags: 
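Review bot: The `disa_stig` reference in `os_password_hint_remove.yaml` changes from `APPL-26-003014` to `APPL-15-003014`, although the rule still declares `macOS: - '26.0'` and the STIG title in `mscp-data.yaml` is the macOS 26 one. The same swap appears in `os_root_disable.yaml` (`APPL-15-000100`) and `os_secure_boot_verify.yaml` (`APPL-15-005100`), and `pwpolicy_history_enforce.yaml` replaces `N/A` with `APPL-15-003009`. These look like carry-overs from a macOS 15 branch and are unrelated to the NLMAPGOV tagging. I would keep the `APPL-26-…` IDs (and the `N/A`) so that STIG mappings in generated compliance reports stay correct.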
@@ -52,6 +54,7 @@ tags: - cnssi-1253_high - cmmc_lvl2 - cnssi-1253_moderate + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.applicationaccess: diff --git a/rules/os/os_provide_automated_account_management.yaml b/rules/os/os_provide_automated_account_management.yaml index 5cc39d7b6..2dcd36998 100644 --- a/rules/os/os_provide_automated_account_management.yaml +++ b/rules/os/os_provide_automated_account_management.yaml @@ -23,6 +23,8 @@ references: - N/A srg: - SRG-OS-000001-GPOS-00001 + bio: + - 5.16.02 macOS: - '26.0' tags: @@ -34,5 +36,6 @@ tags: - cnssi-1253_high - srg - cnssi-1253_moderate + - nlmapgov_plus mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_rapid_security_response_removal_disable.yaml b/rules/os/os_rapid_security_response_removal_disable.yaml index 119d4fb11..899a169a3 100644 --- a/rules/os/os_rapid_security_response_removal_disable.yaml +++ b/rules/os/os_rapid_security_response_removal_disable.yaml @@ -36,6 +36,8 @@ references: - SI.L1-3.14.1 - SI.L1-3.14.2 - SI.L1-3.14.4 + bio: + - 8.08.01 macOS: - '26.0' tags: @@ -48,6 +50,7 @@ tags: - cmmc_lvl2 - cmmc_lvl1 - cnssi-1253_moderate + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.applicationaccess: diff --git a/rules/os/os_root_disable.yaml b/rules/os/os_root_disable.yaml index f178e4315..52c19d2fc 100644 --- a/rules/os/os_root_disable.yaml +++ b/rules/os/os_root_disable.yaml @@ -42,7 +42,9 @@ references: - SRG-OS-000109-GPOS-00056 - SRG-OS-000104-GPOS-00051 disa_stig: - - APPL-26-000100 + - APPL-15-000100 + bio: + - 5.16.02 macOS: - '26.0' tags: @@ -62,6 +64,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_safari_advertising_privacy_protection_enable.yaml b/rules/os/os_safari_advertising_privacy_protection_enable.yaml index 71ba3dc63..6e209c560 100644 --- a/rules/os/os_safari_advertising_privacy_protection_enable.yaml 
+++ b/rules/os/os_safari_advertising_privacy_protection_enable.yaml @@ -26,12 +26,15 @@ references: - 6.3.6 (level 1) controls v8: - 9.1 + bio: + - 8.12 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_safari_open_safe_downloads_disable.yaml b/rules/os/os_safari_open_safe_downloads_disable.yaml index 2429a5bb5..e45232bea 100644 --- a/rules/os/os_safari_open_safe_downloads_disable.yaml +++ b/rules/os/os_safari_open_safe_downloads_disable.yaml @@ -27,12 +27,16 @@ references: controls v8: - 9.1 - 9.6 + bio: + - 8.07.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml b/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml index 1e522b6b9..503c6bc17 100644 --- a/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml +++ b/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml @@ -27,12 +27,15 @@ references: controls v8: - 9.1 - 9.3 + bio: + - 8.12 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_safari_show_full_website_address_enable.yaml b/rules/os/os_safari_show_full_website_address_enable.yaml index 0ef8bd70b..e850f99fc 100644 --- a/rules/os/os_safari_show_full_website_address_enable.yaml +++ b/rules/os/os_safari_show_full_website_address_enable.yaml @@ -26,12 +26,15 @@ references: - 6.3.7 (level 1) controls v8: - 9.1 + bio: + - 8.27.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_safari_show_status_bar_enabled.yaml b/rules/os/os_safari_show_status_bar_enabled.yaml index 74cfeaf19..7d9991a67 100644 --- a/rules/os/os_safari_show_status_bar_enabled.yaml 
+++ b/rules/os/os_safari_show_status_bar_enabled.yaml @@ -26,12 +26,15 @@ references: - 6.3.10 (level 1) controls v8: - 9.1 + bio: + - 8.27.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_safari_warn_fraudulent_website_enable.yaml b/rules/os/os_safari_warn_fraudulent_website_enable.yaml index 9e42e8597..6e77cdf39 100644 --- a/rules/os/os_safari_warn_fraudulent_website_enable.yaml +++ b/rules/os/os_safari_warn_fraudulent_website_enable.yaml @@ -27,12 +27,15 @@ references: controls v8: - 9.1 - 9.3 + bio: + - 8.27.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Safari: diff --git a/rules/os/os_secure_boot_verify.yaml b/rules/os/os_secure_boot_verify.yaml index f382dab9a..b4c19cee9 100644 --- a/rules/os/os_secure_boot_verify.yaml +++ b/rules/os/os_secure_boot_verify.yaml @@ -31,7 +31,9 @@ references: - SRG-OS-000445-GPOS-00199 - SRG-OS-000446-GPOS-00200 disa_stig: - - APPL-26-005100 + - APPL-15-005100 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -41,6 +43,7 @@ tags: - cnssi-1253_high - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_secure_enclave.yaml b/rules/os/os_secure_enclave.yaml index a043469bc..7f0365051 100644 --- a/rules/os/os_secure_enclave.yaml +++ b/rules/os/os_secure_enclave.yaml @@ -30,6 +30,8 @@ references: - SRG-OS-000405-GPOS-00184 cmmc: - SC.L2-3.13.10 + bio: + - 8.01.01 macOS: - '26.0' tags: @@ -39,5 +41,7 @@ tags: - cmmc_lvl2 - srg - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_setup_assistant_filevault_enforce.yaml b/rules/os/os_setup_assistant_filevault_enforce.yaml index e7be2cf43..51cb9a9d4 100644 --- a/rules/os/os_setup_assistant_filevault_enforce.yaml +++ b/rules/os/os_setup_assistant_filevault_enforce.yaml 
@@ -38,6 +38,8 @@ references: - 3.11 cmmc: - SC.L2-3.13.16 + bio: + - 8.01.01 macOS: - '26.0' tags: @@ -48,6 +50,7 @@ tags: - cnssi-1253_moderate - cnssi-1253_low - cnssi-1253_high + - nlmapgov_plus severity: high mobileconfig: true mobileconfig_info: diff --git a/rules/os/os_sip_enable.yaml b/rules/os/os_sip_enable.yaml index f8039528f..1fbb3b30f 100644 --- a/rules/os/os_sip_enable.yaml +++ b/rules/os/os_sip_enable.yaml @@ -92,6 +92,8 @@ references: - SC.L2-3.13.4 - SI.L1-3.14.1 - SI.L1-3.14.4 + bio: + - 8.17 macOS: - '26.0' tags: @@ -111,6 +113,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: high mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_software_update_app_update_enforce.yaml b/rules/os/os_software_update_app_update_enforce.yaml index bd1412d4f..53d199eae 100644 --- a/rules/os/os_software_update_app_update_enforce.yaml +++ b/rules/os/os_software_update_app_update_enforce.yaml @@ -32,12 +32,16 @@ references: controls v8: - 7.3 - 7.4 + bio: + - 8.08.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.SoftwareUpdate: diff --git a/rules/os/os_sudo_log_enforce.yaml b/rules/os/os_sudo_log_enforce.yaml index f8fa767e8..01f65fbc0 100644 --- a/rules/os/os_sudo_log_enforce.yaml +++ b/rules/os/os_sudo_log_enforce.yaml @@ -36,6 +36,8 @@ references: - AU.L2-3.3.3 - AU.L2-3.3.6 - SI.L2-3.14.3 + bio: + - 8.18.02 macOS: - '26.0' tags: @@ -50,6 +52,8 @@ tags: - cnssi-1253_moderate - cnssi-1253_low - cnssi-1253_high + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_sudo_timeout_configure.yaml b/rules/os/os_sudo_timeout_configure.yaml index 0f308ed26..d983ff1d9 100644 --- a/rules/os/os_sudo_timeout_configure.yaml +++ b/rules/os/os_sudo_timeout_configure.yaml 
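Review bot: `os_software_update_app_update_enforce` is tagged `nlmapgov_base` and `nlmapgov_plus` here, but neither new baseline file lists it; both list `system_settings_software_update_app_update_enforce` under `systemsettings` instead. If the baselines are ever regenerated from tags, the output would differ from the committed files and the enforced control set would change without review. Either add `- os_software_update_app_update_enforce` to the `macos` section of both baselines or drop the two tags from this rule, whichever matches the intended control set.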
@@ -31,6 +31,8 @@ references: - 5.4 (level 1) controls v8: - 4.3 + bio: + - 8.27.01 macOS: - '26.0' odv: @@ -39,6 +41,7 @@ odv: cis_lvl1: 0 cis_lvl2: 0 stig: 0 + nlmapgov_plus: 0 tags: - 800-53r5_low - 800-53r5_moderate @@ -47,6 +50,7 @@ tags: - cis_lvl2 - cisv8 - stig + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_sudoers_timestamp_type_configure.yaml b/rules/os/os_sudoers_timestamp_type_configure.yaml index fca6553ff..1750f15aa 100644 --- a/rules/os/os_sudoers_timestamp_type_configure.yaml +++ b/rules/os/os_sudoers_timestamp_type_configure.yaml @@ -35,6 +35,8 @@ references: - 4.3 800-171r3: - 03.05.01 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -49,6 +51,7 @@ tags: - cnssi-1253_high - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_terminal_secure_keyboard_enable.yaml b/rules/os/os_terminal_secure_keyboard_enable.yaml index f3f6ee2c1..41f5a0c10 100644 --- a/rules/os/os_terminal_secure_keyboard_enable.yaml +++ b/rules/os/os_terminal_secure_keyboard_enable.yaml @@ -31,12 +31,15 @@ references: - 6.4.1 (level 1) controls v8: - 4.8 + bio: + - 8.12 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.Terminal: diff --git a/rules/os/os_tftpd_disable.yaml b/rules/os/os_tftpd_disable.yaml index aa4f7ec16..d474fb00e 100644 --- a/rules/os/os_tftpd_disable.yaml +++ b/rules/os/os_tftpd_disable.yaml @@ -62,6 +62,8 @@ references: - IA.L2-3.5.7 - IA.L2-3.5.8 - IA.L2-3.5.9 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -79,6 +81,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: high mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_time_server_enabled.yaml b/rules/os/os_time_server_enabled.yaml index db3e0f9ea..fc030bf0a 100644 --- a/rules/os/os_time_server_enabled.yaml +++ b/rules/os/os_time_server_enabled.yaml 
@@ -44,6 +44,8 @@ references: - 8.4 cmmc: - AU.L2-3.3.7 + bio: + - 8.17 macOS: - '26.0' tags: @@ -61,6 +63,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/os/os_unlock_active_user_session_disable.yaml b/rules/os/os_unlock_active_user_session_disable.yaml index afa60babb..7af41f454 100644 --- a/rules/os/os_unlock_active_user_session_disable.yaml +++ b/rules/os/os_unlock_active_user_session_disable.yaml @@ -66,6 +66,8 @@ references: cmmc: - IA.L1-3.5.1 - IA.L1-3.5.2 + bio: + - 8.27.01 macOS: - '26.0' odv: @@ -91,6 +93,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_history_enforce.yaml b/rules/pwpolicy/pwpolicy_history_enforce.yaml index df1bdef62..ec5c3411f 100644 --- a/rules/pwpolicy/pwpolicy_history_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_history_enforce.yaml @@ -27,7 +27,7 @@ references: - SRG-OS-000077-GPOS-00045 - SRG-OS-000775-GPOS-00230 disa_stig: - - N/A + - APPL-15-003009 800-171r3: - 03.05.07 cis: diff --git a/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml b/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml index 88b1907d0..360a4b451 100644 --- a/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_minimum_length_enforce.yaml @@ -38,6 +38,8 @@ references: - IA.L2-3.5.7 - IA.L2-3.5.8 - IA.L2-3.5.9 + bio: + - 5.17.03 macOS: - '26.0' odv: @@ -46,6 +48,8 @@ odv: cis_lvl1: 15 cis_lvl2: 15 stig: 14 + nlmapgov_base: 15 + nlmapgov_plus: 15 tags: - 800-171 - 800-53r4_low @@ -62,6 +66,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/pwpolicy/pwpolicy_prevent_dictionary_words.yaml b/rules/pwpolicy/pwpolicy_prevent_dictionary_words.yaml index 598d37db9..9adeffcb4 100644 
--- a/rules/pwpolicy/pwpolicy_prevent_dictionary_words.yaml +++ b/rules/pwpolicy/pwpolicy_prevent_dictionary_words.yaml @@ -25,6 +25,8 @@ references: - N/A srg: - SRG-OS-000480-GPOS-00225 + bio: + - 5.17.03 macOS: - '26.0' tags: diff --git a/rules/supplemental/supplemental_filevault.yaml b/rules/supplemental/supplemental_filevault.yaml index 7fd3accc8..17270d55f 100644 --- a/rules/supplemental/supplemental_filevault.yaml +++ b/rules/supplemental/supplemental_filevault.yaml @@ -67,6 +67,10 @@ references: - N/A cmmc: - N/A + bio: + - 8.01.01 + - 8.24.03 + - 8.24.04 macOS: - '26.0' tags: @@ -87,5 +91,7 @@ tags: - cnssi-1253_low - stig - supplemental + - nlmapgov_base + - nlmapgov_plus mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_automatic_login_disable.yaml b/rules/system_settings/system_settings_automatic_login_disable.yaml index 325090fd7..011768e88 100644 --- a/rules/system_settings/system_settings_automatic_login_disable.yaml +++ b/rules/system_settings/system_settings_automatic_login_disable.yaml @@ -40,6 +40,8 @@ references: cmmc: - IA.L1-3.5.1 - IA.L1-3.5.2 + bio: + - 5.16.02 macOS: - '26.0' tags: @@ -59,6 +61,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_critical_update_install_enforce.yaml b/rules/system_settings/system_settings_critical_update_install_enforce.yaml index 1e3b3a46c..a825a29eb 100644 --- a/rules/system_settings/system_settings_critical_update_install_enforce.yaml +++ b/rules/system_settings/system_settings_critical_update_install_enforce.yaml @@ -36,6 +36,8 @@ references: cmmc: - SI.L1-3.14.1 - SI.L1-3.14.4 + bio: + - 8.08.01 macOS: - '26.0' tags: @@ -50,6 +52,8 @@ tags: - cmmc_lvl2 - cmmc_lvl1 - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.SoftwareUpdate: 
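Review bot: rules/pwpolicy/pwpolicy_prevent_dictionary_words.yaml gains a `bio: - 5.17.03` reference but no `nlmapgov_base` or `nlmapgov_plus` tag. Almost every other rule file in this commit that gains a `bio:` reference also gains at least one of those tags. The `tags:` list is outside this hunk, so this cannot be confirmed from here, but as written the rule would carry a BIO mapping without being selected into either NLMAPGOV baseline. If the omission is deliberate, say so in the commit description; otherwise add `- nlmapgov_plus` (and `- nlmapgov_base` if it applies) to `tags:`.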
diff --git a/rules/system_settings/system_settings_diagnostics_reports_disable.yaml b/rules/system_settings/system_settings_diagnostics_reports_disable.yaml index 80dca21e4..024504f0a 100644 --- a/rules/system_settings/system_settings_diagnostics_reports_disable.yaml +++ b/rules/system_settings/system_settings_diagnostics_reports_disable.yaml @@ -51,6 +51,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.20 + bio: + - 8.12 macOS: - '26.0' tags: @@ -70,6 +72,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_filevault_enforce.yaml b/rules/system_settings/system_settings_filevault_enforce.yaml index bca0ccf45..7e3a15c90 100644 --- a/rules/system_settings/system_settings_filevault_enforce.yaml +++ b/rules/system_settings/system_settings_filevault_enforce.yaml @@ -51,6 +51,8 @@ references: - 3.11 cmmc: - SC.L2-3.13.16 + bio: + - 8.01.01 macOS: - '26.0' tags: @@ -67,6 +69,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: high mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_find_my_disable.yaml b/rules/system_settings/system_settings_find_my_disable.yaml index 941d7117d..d2ecce74c 100644 --- a/rules/system_settings/system_settings_find_my_disable.yaml +++ b/rules/system_settings/system_settings_find_my_disable.yaml @@ -57,6 +57,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 7.10.02 macOS: - '26.0' tags: @@ -74,6 +76,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_firewall_enable.yaml b/rules/system_settings/system_settings_firewall_enable.yaml index 957fe1854..7a0c61f79 100644 --- a/rules/system_settings/system_settings_firewall_enable.yaml 
+++ b/rules/system_settings/system_settings_firewall_enable.yaml @@ -52,6 +52,8 @@ references: - CM.L2-3.4.6 - CM.L2-3.4.7 - SC.L1-3.13.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -71,6 +73,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml b/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml index 731b4d090..70753e798 100644 --- a/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml +++ b/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml @@ -51,6 +51,8 @@ references: - CM.L2-3.4.6 - CM.L2-3.4.7 - SC.L1-3.13.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -69,6 +71,7 @@ tags: - cmmc_lvl2 - cmmc_lvl1 - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_gatekeeper_identified_developers_allowed.yaml b/rules/system_settings/system_settings_gatekeeper_identified_developers_allowed.yaml index 51f90312a..ab278f351 100644 --- a/rules/system_settings/system_settings_gatekeeper_identified_developers_allowed.yaml +++ b/rules/system_settings/system_settings_gatekeeper_identified_developers_allowed.yaml @@ -46,6 +46,8 @@ references: - 03.14.02 cmmc: - CM.L2-3.4.5 + bio: + - 8.19.01 macOS: - '26.0' tags: @@ -60,6 +62,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: high mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_gatekeeper_override_disallow.yaml b/rules/system_settings/system_settings_gatekeeper_override_disallow.yaml index 90bf4c44d..bf92720ce 100644 --- a/rules/system_settings/system_settings_gatekeeper_override_disallow.yaml +++ b/rules/system_settings/system_settings_gatekeeper_override_disallow.yaml 
@@ -32,6 +32,8 @@ references: - 03.14.02 cmmc: - CM.L2-3.4.5 + bio: + - 8.19.01 macOS: - '26.0' tags: @@ -45,6 +47,8 @@ tags: - cnssi-1253_high - cmmc_lvl2 - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_guest_account_disable.yaml b/rules/system_settings/system_settings_guest_account_disable.yaml index f041e4f00..b40c56dcc 100644 --- a/rules/system_settings/system_settings_guest_account_disable.yaml +++ b/rules/system_settings/system_settings_guest_account_disable.yaml @@ -49,6 +49,8 @@ references: - 6.8 cmmc: - AC.L1-3.1.2 + bio: + - 5.16.02 macOS: - '26.0' tags: @@ -68,6 +70,8 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml b/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml index 6f999f7b4..98487b451 100644 --- a/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml +++ b/rules/system_settings/system_settings_improve_assistive_voice_disable.yaml @@ -45,6 +45,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -64,6 +66,7 @@ tags: - cis_lvl2 - cnssi-1253_moderate - stig + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_improve_search_disable.yaml b/rules/system_settings/system_settings_improve_search_disable.yaml index 999f40da5..a52f4d3cf 100644 --- a/rules/system_settings/system_settings_improve_search_disable.yaml +++ b/rules/system_settings/system_settings_improve_search_disable.yaml @@ -46,6 +46,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: 
@@ -65,6 +67,7 @@ tags: - cnssi-1253_moderate - cis_lvl1 - cis_lvl2 + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_improve_siri_dictation_disable.yaml b/rules/system_settings/system_settings_improve_siri_dictation_disable.yaml index 4eb6b1381..bd3c14098 100644 --- a/rules/system_settings/system_settings_improve_siri_dictation_disable.yaml +++ b/rules/system_settings/system_settings_improve_siri_dictation_disable.yaml @@ -41,6 +41,8 @@ references: controls v8: - 4.1 - 4.8 + bio: + - 8.12 cmmc: - AC.L1-3.1.20 - CM.L2-3.4.6 @@ -64,6 +66,7 @@ tags: - cis_lvl1 - cis_lvl2 - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_install_macos_updates_enforce.yaml b/rules/system_settings/system_settings_install_macos_updates_enforce.yaml index 5c6f1ec01..3d91423d6 100644 --- a/rules/system_settings/system_settings_install_macos_updates_enforce.yaml +++ b/rules/system_settings/system_settings_install_macos_updates_enforce.yaml @@ -32,12 +32,16 @@ references: controls v8: - 7.3 - 7.4 + bio: + - 8.08.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.SoftwareUpdate: diff --git a/rules/system_settings/system_settings_internet_sharing_disable.yaml b/rules/system_settings/system_settings_internet_sharing_disable.yaml index c2795f4ea..5e35aac16 100644 --- a/rules/system_settings/system_settings_internet_sharing_disable.yaml +++ b/rules/system_settings/system_settings_internet_sharing_disable.yaml @@ -40,6 +40,8 @@ references: cmmc: - AC.L1-3.1.20 - AC.L2-3.1.3 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -59,6 +61,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: 
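Review bot: In rules/system_settings/system_settings_improve_siri_dictation_disable.yaml the `bio:` key is inserted between the `controls v8:` list and `cmmc:`, whereas the other rule files in this commit add it directly above `macOS:`. Indentation is not recoverable in this view, so confirm that `bio:` sits at the same level as `cmmc:` under `references:` and not at the level of `controls v8:` under `cis:`. A nested key would not be found by the `rule_yaml["references"]["bio"]` lookup in scripts/generate_guidance.py, and the rule would be emitted with an empty BIO field. Moving the two added lines below the `cmmc:` list would also keep the files uniform.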
diff --git a/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml b/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml index ae7e104f4..243972806 100644 --- a/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml +++ b/rules/system_settings/system_settings_loginwindow_loginwindowtext_enable.yaml @@ -31,6 +31,8 @@ references: - 2.11.3 (level 1) controls v8: - 4.1 + bio: + - 6.03.01 macOS: - '26.0' odv: @@ -38,10 +40,14 @@ odv: recommended: Center for Internet Security Test Message cis_lvl1: Center for Internet Security Test Message cis_lvl2: Center for Internet Security Test Message + nlmapgov_base: NLMAPGOV Test Message + nlmapgov_plus: NLMAPGOV Test Message tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.loginwindow: diff --git a/rules/system_settings/system_settings_media_sharing_disabled.yaml b/rules/system_settings/system_settings_media_sharing_disabled.yaml index 32f49e9fd..b898a3a6f 100644 --- a/rules/system_settings/system_settings_media_sharing_disabled.yaml +++ b/rules/system_settings/system_settings_media_sharing_disabled.yaml @@ -49,6 +49,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -67,6 +69,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_password_hints_disable.yaml b/rules/system_settings/system_settings_password_hints_disable.yaml index de7efea0b..70fd84c27 100644 --- a/rules/system_settings/system_settings_password_hints_disable.yaml +++ b/rules/system_settings/system_settings_password_hints_disable.yaml @@ -35,6 +35,8 @@ references: - 4.1 cmmc: - IA.L2-3.5.11 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -53,6 +55,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: 
diff --git a/rules/system_settings/system_settings_personalized_advertising_disable.yaml b/rules/system_settings/system_settings_personalized_advertising_disable.yaml index 02753641b..f86802844 100644 --- a/rules/system_settings/system_settings_personalized_advertising_disable.yaml +++ b/rules/system_settings/system_settings_personalized_advertising_disable.yaml @@ -43,6 +43,8 @@ references: - AC.L1-3.1.20 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.12 macOS: - '26.0' tags: @@ -62,6 +64,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_printer_sharing_disable.yaml b/rules/system_settings/system_settings_printer_sharing_disable.yaml index 44b62960d..1d668683a 100644 --- a/rules/system_settings/system_settings_printer_sharing_disable.yaml +++ b/rules/system_settings/system_settings_printer_sharing_disable.yaml @@ -38,6 +38,8 @@ references: cmmc: - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -55,6 +57,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_rae_disable.yaml b/rules/system_settings/system_settings_rae_disable.yaml index 6675a2ca3..665a2b3b5 100644 --- a/rules/system_settings/system_settings_rae_disable.yaml +++ b/rules/system_settings/system_settings_rae_disable.yaml @@ -42,6 +42,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -61,6 +63,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_remote_management_disable.yaml b/rules/system_settings/system_settings_remote_management_disable.yaml index a57d505f2..d250c24ef 100644 --- a/rules/system_settings/system_settings_remote_management_disable.yaml 
+++ b/rules/system_settings/system_settings_remote_management_disable.yaml @@ -39,6 +39,8 @@ references: cmmc: - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -56,6 +58,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_screen_sharing_disable.yaml b/rules/system_settings/system_settings_screen_sharing_disable.yaml index 39993fb5d..e7b32b0cc 100644 --- a/rules/system_settings/system_settings_screen_sharing_disable.yaml +++ b/rules/system_settings/system_settings_screen_sharing_disable.yaml @@ -52,6 +52,8 @@ references: - 4.8 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -71,6 +73,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml b/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml index 0fe57f40b..a34add90f 100644 --- a/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml +++ b/rules/system_settings/system_settings_screensaver_ask_for_password_delay_enforce.yaml @@ -42,6 +42,8 @@ references: - 4.7 cmmc: - AC.L2-3.1.10 + bio: + - 5.17.03 macOS: - '26.0' odv: @@ -50,6 +52,7 @@ odv: stig: 5 cis_lvl1: 5 cis_lvl2: 5 + nlmapgov_plus: 0 tags: - 800-53r5_moderate - 800-53r5_high @@ -64,6 +67,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_screensaver_password_enforce.yaml b/rules/system_settings/system_settings_screensaver_password_enforce.yaml index 0ebca429b..f1fd2798c 100644 --- a/rules/system_settings/system_settings_screensaver_password_enforce.yaml +++ b/rules/system_settings/system_settings_screensaver_password_enforce.yaml 
@@ -35,7 +35,9 @@ references: benchmark: - 2.11.2 (level 1) controls v8: - - 4.7 + - 4.7 + bio: + - 5.17.03 macOS: - '26.0' tags: @@ -51,6 +53,7 @@ tags: - cnssi-1253_moderate - cis_lvl1 - cis_lvl2 + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml b/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml index b985b9232..28d48e66c 100644 --- a/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml +++ b/rules/system_settings/system_settings_screensaver_timeout_enforce.yaml @@ -44,6 +44,8 @@ references: - 4.3 cmmc: - AC.L2-3.1.10 + bio: + - 5.17.03 macOS: - '26.0' odv: @@ -52,6 +54,7 @@ odv: cis_lvl1: 1200 cis_lvl2: 1200 stig: 900 + nlmapgov_plus: 300 tags: - 800-53r5_moderate - 800-53r5_high @@ -67,6 +70,7 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_smbd_disable.yaml b/rules/system_settings/system_settings_smbd_disable.yaml index b10493467..7c903ec98 100644 --- a/rules/system_settings/system_settings_smbd_disable.yaml +++ b/rules/system_settings/system_settings_smbd_disable.yaml @@ -40,6 +40,8 @@ references: - 5.4 cmmc: - AC.L1-3.1.1 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -59,6 +61,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_software_update_download_enforce.yaml b/rules/system_settings/system_settings_software_update_download_enforce.yaml index 0c8df4baa..5fb8ad8b3 100644 --- a/rules/system_settings/system_settings_software_update_download_enforce.yaml +++ b/rules/system_settings/system_settings_software_update_download_enforce.yaml 
@@ -32,12 +32,16 @@ references: controls v8: - 7.3 - 7.4 + bio: + - 8.08.01 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_base + - nlmapgov_plus mobileconfig: true mobileconfig_info: com.apple.SoftwareUpdate: diff --git a/rules/system_settings/system_settings_softwareupdate_current.yaml b/rules/system_settings/system_settings_softwareupdate_current.yaml index 5c90696fa..8f7ad9c0f 100644 --- a/rules/system_settings/system_settings_softwareupdate_current.yaml +++ b/rules/system_settings/system_settings_softwareupdate_current.yaml @@ -39,7 +39,9 @@ references: cmmc: - SI.L1-3.14.1 - SI.L1-3.14.2 - - SI.L1-3.14.4 + - SI.L1-3.14.4 + bio: + - 8.08.01 macOS: - '26.0' odv: @@ -59,6 +61,8 @@ tags: - 800-171 - cmmc_lvl2 - cmmc_lvl1 + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_ssh_disable.yaml b/rules/system_settings/system_settings_ssh_disable.yaml index aa6592ee1..3500691d0 100644 --- a/rules/system_settings/system_settings_ssh_disable.yaml +++ b/rules/system_settings/system_settings_ssh_disable.yaml @@ -54,6 +54,8 @@ references: - AC.L1-3.1.1 - CM.L2-3.4.6 - CM.L2-3.4.7 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -69,6 +71,7 @@ tags: - cmmc_lvl2 - cmmc_lvl1 - cnssi-1253_moderate + - nlmapgov_plus severity: high mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_system_wide_preferences_configure.yaml b/rules/system_settings/system_settings_system_wide_preferences_configure.yaml index d7fd7189a..a43644ca6 100644 --- a/rules/system_settings/system_settings_system_wide_preferences_configure.yaml +++ b/rules/system_settings/system_settings_system_wide_preferences_configure.yaml @@ -99,6 +99,8 @@ references: - AC.L1-3.1.1 - AC.L2-3.1.5 - AC.L2-3.1.6 + bio: + - 8.27.01 macOS: - '26.0' tags: @@ -116,6 +118,7 @@ tags: - cmmc_lvl1 - stig - cnssi-1253_moderate + - nlmapgov_plus severity: high mobileconfig: false mobileconfig_info: 
diff --git a/rules/system_settings/system_settings_time_machine_encrypted_configure.yaml b/rules/system_settings/system_settings_time_machine_encrypted_configure.yaml index 3b092823a..234d80ae2 100644 --- a/rules/system_settings/system_settings_time_machine_encrypted_configure.yaml +++ b/rules/system_settings/system_settings_time_machine_encrypted_configure.yaml @@ -34,11 +34,14 @@ references: - 3.6 - 3.11 - 11.3 + bio: + - 8.12 macOS: - '26.0' tags: - cis_lvl1 - cis_lvl2 - cisv8 + - nlmapgov_plus mobileconfig: false mobileconfig_info: diff --git a/rules/system_settings/system_settings_time_server_configure.yaml b/rules/system_settings/system_settings_time_server_configure.yaml index b018fd0f8..68ece49af 100644 --- a/rules/system_settings/system_settings_time_server_configure.yaml +++ b/rules/system_settings/system_settings_time_server_configure.yaml @@ -42,6 +42,8 @@ references: - 8.4 cmmc: - AU.L2-3.3.7 + bio: + - 8.17 macOS: - '26.0' odv: @@ -50,6 +52,8 @@ odv: cis_lvl1: time.apple.com cis_lvl2: time.apple.com stig: time.nist.gov + nlmapgov_base: time.apple.com + nlmapgov_plus: time.apple.com tags: - 800-171 - 800-53r5_low @@ -65,6 +69,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/rules/system_settings/system_settings_time_server_enforce.yaml b/rules/system_settings/system_settings_time_server_enforce.yaml index af278db25..f7bdb9b33 100644 --- a/rules/system_settings/system_settings_time_server_enforce.yaml +++ b/rules/system_settings/system_settings_time_server_enforce.yaml @@ -41,6 +41,8 @@ references: - 8.4 cmmc: - AU.L2-3.3.7 + bio: + - 8.17 macOS: - '26.0' tags: @@ -58,6 +60,8 @@ tags: - cmmc_lvl2 - stig - cnssi-1253_moderate + - nlmapgov_base + - nlmapgov_plus severity: medium mobileconfig: true mobileconfig_info: diff --git a/scripts/generate_guidance.py b/scripts/generate_guidance.py index c71072383..892e70a9a 100755 
--- a/scripts/generate_guidance.py +++ b/scripts/generate_guidance.py @@ -42,6 +42,7 @@ def __init__( cis, cmmc, indigo, + bio, custom_refs, odv, tags, @@ -66,6 +67,7 @@ def __init__( self.rule_cis = cis self.rule_cmmc = cmmc self.rule_indigo = indigo + self.rule_bio = bio self.rule_custom_refs = custom_refs self.rule_odv = odv self.rule_result_value = result_value @@ -90,6 +92,7 @@ def create_asciidoc(self, adoc_rule_template): rule_cis=self.rule_cis, rule_cmmc=self.rule_cmmc, rule_indigo=self.rule_indigo, + rule_bio=self.rule_bio, rule_srg=self.rule_srg, rule_result=self.rule_result_value, ) @@ -1771,9 +1774,10 @@ def generate_xls(baseline_name, build_path, baseline_yaml): sheet1.write(0, 14, "CIS v8", headers) sheet1.write(0, 15, "CMMC", headers) sheet1.write(0, 16, "indigo", headers) - sheet1.write(0, 17, "CCI", headers) - sheet1.write(0, 18, "Severity", headers) - sheet1.write(0, 19, "Modified Rule", headers) + sheet1.write(0, 17, "BIO", headers) + sheet1.write(0, 18, "CCI", headers) + sheet1.write(0, 19, "Severity", headers) + sheet1.write(0, 20, "Modified Rule", headers) sheet1.set_panes_frozen(True) sheet1.set_horz_split_pos(1) sheet1.set_vert_split_pos(2) @@ -1883,11 +1887,17 @@ def generate_xls(baseline_name, build_path, baseline_yaml): sheet1.write(counter, 16, indigo_refs, topWrap) sheet1.col(16).width = 500 * 15 + bio_refs = (str(rule.rule_bio)).strip("[]'") + bio_refs = bio_refs.replace(", ", "\n").replace("'", "") + + sheet1.write(counter, 17, bio_refs, topWrap) + sheet1.col(17).width = 500 * 15 + cci = (str(rule.rule_cci)).strip("[]'") cci = cci.replace(", ", "\n").replace("'", "") - sheet1.write(counter, 17, cci, topWrap) - sheet1.col(17).width = 400 * 15 + sheet1.write(counter, 18, cci, topWrap) + sheet1.col(18).width = 400 * 15 # determine severity # uses 'parent_values' from baseline.yaml file to determine which/if any severity to use 
@@ -1901,14 +1911,14 @@ def generate_xls(baseline_name, build_path, baseline_yaml): elif isinstance(rule.rule_severity, str): severity = f"{rule.rule_severity}" - sheet1.write(counter, 18, severity, topWrap) - sheet1.col(18).width = 400 * 15 + sheet1.write(counter, 19, severity, topWrap) + sheet1.col(19).width = 400 * 15 customized = (str(rule.rule_customized)).strip("[]'") customized = customized.replace(", ", "\n").replace("'", "") - sheet1.write(counter, 19, customized, topWrap) - sheet1.col(19).width = 400 * 15 + sheet1.write(counter, 20, customized, topWrap) + sheet1.col(20).width = 400 * 15 if rule.rule_custom_refs != ["None"]: for title, ref in rule.rule_custom_refs.items(): @@ -1958,6 +1968,7 @@ def create_rules(baseline_yaml): "cis", "cmmc", "indigo", + "bio", "srg", "sfr", "custom", @@ -2011,6 +2022,7 @@ def create_rules(baseline_yaml): rule_yaml["references"]["cis"], rule_yaml["references"]["cmmc"], rule_yaml["references"]["indigo"], + rule_yaml["references"]["bio"], rule_yaml["references"]["custom"], rule_yaml["odv"], rule_yaml["tags"], @@ -2360,6 +2372,11 @@ def main(): else: adoc_171_show = ":show_171!:" + if "NLMAPGOV" in baseline_yaml["title"].upper(): + adoc_BIO_show = ":show_BIO:" + else: + adoc_BIO_show = ":show_BIO!:" + if args.gary: adoc_tag_show = ":show_tags:" adoc_STIG_show = ":show_STIG:" @@ -2367,6 +2384,7 @@ def main(): adoc_cmmc_show = ":show_CMMC:" adoc_indigo_show = ":show_indigo:" adoc_171_show = ":show_171:" + adoc_BIO_show = ":show_BIO:" else: adoc_tag_show = ":show_tags!:" @@ -2395,6 +2413,7 @@ def main(): cis_attribute=adoc_cis_show, cmmc_attribute=adoc_cmmc_show, indigo_attribute=adoc_indigo_show, + bio_attribute=adoc_BIO_show, version=version_yaml["version"], os_version=version_yaml["os"], release_date=version_yaml["date"], 
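Review bot: With the BIO column inserted, the fixed columns in `generate_xls` now run through index 20 (`sheet1.write(counter, 20, customized, topWrap)`), but the custom-reference loop that begins on the last line of this hunk has its body outside it. If that loop places custom reference columns from a hard-coded starting index, it may now collide with the "Modified Rule" column, since index 20 was the first free column before this change. Check the starting index used there and raise it to 21. Better, derive the header row and the per-rule writes from a single shared column constant (suggested name only: `FIRST_CUSTOM_COL = 21`), so the next added framework does not require renumbering every call by hand.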
@@ -2531,6 +2550,13 @@ def main(): else: indigo = ulify(rule_yaml["references"]["indigo"]) + try: + rule_yaml["references"]["bio"] + except KeyError: + bio = "" + else: + bio = ulify(rule_yaml["references"]["bio"]) + try: rule_yaml["references"]["srg"] except KeyError: @@ -2644,6 +2670,7 @@ def main(): rule_cis=cis, rule_cmmc=cmmc, rule_indigo=indigo, + rule_bio=bio, rule_cce=cce, rule_custom_refs=custom_refs, rule_tags=tags, @@ -2665,6 +2692,7 @@ def main(): rule_cis=cis, rule_cmmc=cmmc, rule_indigo=indigo, + rule_bio=bio, rule_cce=cce, rule_tags=tags, rule_srg=srg, @@ -2688,6 +2716,7 @@ def main(): rule_cis=cis, rule_cmmc=cmmc, rule_indigo=indigo, + rule_bio=bio, rule_cce=cce, rule_tags=tags, rule_srg=srg, @@ -2709,6 +2738,7 @@ def main(): rule_cis=cis, rule_cmmc=cmmc, rule_indigo=indigo, + rule_bio=bio, rule_cce=cce, rule_tags=tags, rule_srg=srg, diff --git a/templates/adoc_additional_docs.adoc b/templates/adoc_additional_docs.adoc index 210a10368..87037e5e6 100644 --- a/templates/adoc_additional_docs.adoc +++ b/templates/adoc_additional_docs.adoc @@ -48,6 +48,15 @@ ASSOCIATED DOCUMENTS |link:https://www.cnss.gov/CNSS/issuances/Instructions.cfm[CNSSI No. 1253]|_Security Categorization and Control Selection for National Security Systems_ |=== +[%header, cols=2*a] +.Baseline Informatiebeveiliging Overheid (BIO) +|=== +|Document Number or Descriptor +|Document Title +|link:https://www.bio-overheid.nl/category/producten/bio[BIO]|_Baseline Informatiebeveiliging Overheid (BIO)_ +|link:https://github.com/MinBZK/Baseline-Informatiebeveiliging-Overheid[BIO2 GitHub Repository]|_BIO2 GitHub Repository_ +|=== + === Non-Government Documents [%header, cols=2*a] .Apple diff --git a/templates/adoc_header.adoc b/templates/adoc_header.adoc index a1fdb4218..9896d87bd 100644 --- a/templates/adoc_header.adoc +++ b/templates/adoc_header.adoc 
@@ -21,6 +21,7 @@ $nist171_attribute $stig_attribute $cis_attribute $cmmc_attribute +$bio_attribute :version: $version ($release_date) :os: $os_version :proj-title: $html_header_title diff --git a/templates/adoc_rule.adoc b/templates/adoc_rule.adoc index 3123770b9..24c24be8b 100644 --- a/templates/adoc_rule.adoc +++ b/templates/adoc_rule.adoc @@ -56,6 +56,11 @@ ifdef::show_CMMC[] !$rule_cmmc endif::[] +ifdef::show_BIO[] +!BIO +!$rule_bio +endif::[] + !CCE !$rule_cce