system_settings_improve_search_disable.yaml mis-identified as a CIS Level 1 control #443
Comments
golbiga
added a commit
that referenced
this issue
Oct 30, 2024
remove cis ref & tag from system_settings_improve_search_disable issue #443
robertgendler
added a commit
that referenced
this issue
Dec 16, 2024
* refactor[rules] STIG IDs Initial STIG-IDs added to rule files. * refactor[rules]ccis added New CCIs added to rules * refactor[rules] SRGs added New SRGs added to stig rules * refactor[rule] pwpolicy_custom_regex_enforce Remove unneeded SRG * refactor[rules] Added, Removed, Updated rules - os_authenticated_root_enable, updated check - os_directory_services_configured, removed from stig - os_ess_installed, removed from stig - os_firewall_log_enable, removed from 15.x - os_genmoji_disable, added 800-53 and stig - os_image_generation_disable, added 800-53 and sti.yaml - os_iphone_mirroring_disable - os_password_autofill_disable, added 800-53 and sti - os_ssh_fips_compliant, fixed check/fix - os_ssh_server_alive_count_max_configure, fixed fix - os_ssh_server_alive_interval_configure, fixed fix - os_sshd_fips_compliant, fixed fix/check - os_sudo_log_enforce, added 800-53 and stig - os_writing_tools_disable, added 800-53 and sti - pwpolicy_custom_regex_enforce, updated regex - system_settings_ssh_enable, removed from stig * refactor[rules] Removed from STIG Removed CCI, SRG, STIG ID, and STIG tag * refactor[rules]Added new STIG IDs Added STIG ID to - os_genmoji_disable - os_image_generation_disable - os_sudo_log_enforce - os_writing_tools_disable * Added new rule file * Add APPL-15-002023 * added APPL-15-002024 * fix[rules] removed tags for rules removed removed tags from rules removed from cis * added os_time_server_enable back to cis * Update Gitignore * Updating CIS benchmark and tags in missed rules. * refactor[rules]ssh fips and sshd fips Updated check and fix for ssh and sshd for FIPS * refactor[rules]ssh and sshd fips added check into sshd to not fix if proper * Fixed ODV regression for CIS * added missing path to grep * removed [ ] * Fix to not print, and fix multiple entries in .ssh/config * added dev null redirection, prevention of double entries * Fixed bin to dev and case insensitive sed * 800-171 Rev 2 to Rev 3 * Updated media sharing key * Updated STIG ID * merge from sequoia * refactor[rules] ssh fixes Updated ssh fixes to match os_ssh_fips_compliant * slightly simplier fix. removed unneeded loop * slightly simplier fix. removed unneeded loop * Adjusting CIS numbering. * fix[rule] fixed path Fixed path in system_settings_system_wide_preferences_configure * fix[rule] fixed path on line 63 fixed path in system_settings_system_wide_preferences_configure * fix[rule] added reference Added reference to os_sudo_log_enforce * refactor[rules] Added, Modified and deleted rules Added os_mail_summary_disable Added os_photos_enhanced_search_disable Removed system_settings_cd_dvd_sharing_disable Modified system_settings_improve_search_disable - updated title Modified system_settings_improve_siri_dictation_disable - updated title * renamed .yml to .yaml * changes for upcoming cis release * refactor - DISA STIG references updated to sequoia for DISA STIG baseline file created for disa stig * added os_sleep_and_display_sleep_apple_silicon_enable to all_rules * refactor[rules] CNSSI tags added Added CNSSI1253 low, moderate, high tags * refactor[baselines] Updated baseline files Updated cnssi1253 baseline files Updated all_rules baseline file Updated CIS baseline files * udpdated baseline files * [fix]system_settings_sleep_enforce sleep/displaysleep swap * updated title * fix[rule] remove cis tags and reference remove cis ref & tag from system_settings_improve_search_disable issue #443 * Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable * Fixing Sleep/displaysleep numbers based on CIS changes. * Fixing os_sleep_and_display_sleep_apple_silicon_enable * Removing DRAFT status from CIS * [fix]rule world writable library folder os_world_writable_library_folder_configure issue# 445 * refactor[rules] Added missing CCEs Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable * fix[rule] updated odv hint pwpolicy_custom_regex_enforce odv hint updated * Update system_settings_improve_assistive_voice_disable Issue #450 * refactor[rules]pwpolicy updates Removed 800-53 and 800-171 tags Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09 * refactor[rules] Added external intelligence rules Added rules to disable external intelligence features for 15.2 * Issue #450 * updated pwpolicy * Added CCEs * Removed double stig tag * updated baseline files * updated changelog * removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml * updated changelog * update[supplemental]: added 800-63 guidance fix[supplemental]: update note about filevault unlock * refactor[rule] pwpolicy_special_character_enforce Updated check to allow greater than ODV. Issue #451 * refactor[rules] ssh rules discussion update Added mention of /usr/libexec/reset-ssh-configuration. * updated release date and version * Added uniq to prevent false negatives * updated authors * updated release date --------- Co-authored-by: Allen Golbig <[email protected]> Co-authored-by: mahlmanj <[email protected]> Co-authored-by: Dan Brodjieski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The rule yaml file under the Sequoia branch titled system_settings_improve_search_disable.yaml references the CIS level 1 control 2.19.1. This may have existed in early drafts of the CIS benchmark, but it is not in the recently published version published yesterday, 10/29/24. The below line should be modified.
from this:
cis:
benchmark:
- 2.19.1 (level 1)
to this:
cis:
benchmark:
- N/A
Link to the rule in question:
https://github.com/usnistgov/macos_security/blob/sequoia/rules/system_settings/system_settings_improve_search_disable.yaml
The text was updated successfully, but these errors were encountered: