New:
- Security baseline compliance reporting: beta 1
- NIST 800-53r4 and CNSSI 1253 initial supported baselines
- CIS benchmarks and US Gov. STIG planned
- We are leveraging the NIST macOS security framework available here:
https://github.com/usnistgov/macos_security
Bug Fixes:
- Fixed a rare crash caused by some Visual Studio Code plugins
- Fixed a rare case where cmdReporter may excessively write logs to disk
Improvements:
- Minor changes and updates required for macOS 11
- Improved null preference string checks to prevent default value overwrites
- Intrusion detection performance improvements
New Preferences:
| Key | Value Type | Example Values | Details |
| --- | --- | --- | --- |
| SecurityBaseline | string | 800-53_high | Security baseline to evaluate, current possible values are: 800-53_high, 800-53_moderate, 800-53_low, all_rules, cnssi-1253 |
| SecurityBaselineReportingInterval | integer | 1440 | Number of minutes between baseline evaluations |
Example Security Baseline Event
{
  "event_attributes": {
    "module": "all_rules",
    "references": {
      "800-53r4": ["IA-5(1)(a)"],
      "cce": ["CCE-84819-2"],
      "cci": ["CCI-001619"],
      "disa_stig": ["AOSX-14-003011"],
      "srg": ["SRG-OS-000266-GPOS-00101"]
    },
    "result_details": [
      {
        "result_actual": "",
        "result_expected": "1",
        "result_is_value_forced": false,
        "result_key_checked": "minComplexChars"
      }
    ],
    "rule": "pwpolicy_special_character_enforce",
    "section": "PasswordPolicy",
    "status": "fail"
  },
  "header": {
    "event_name": "SECURITY_BASELINE_EVENT",
    "time_seconds_epoch": 1600121376
  },
  "host_info": {
    "host_name": "Dan's MacBook Pro",
    "host_uuid": "...",
    "osversion": "macOS 10.15.5 (Build 19F101)",
    "primary_mac_address": "...",
    "serial_number": "..."
  }
}
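
Example: triaging baseline events by control. This is an added example, not code shipped with cmdReporter. It groups failed SECURITY_BASELINE_EVENT records by their 800-53r4 control, using the field names from the example event above. It assumes events arrive one JSON object per line; the helper make_event, the sample hosts, the "example_*" rule names and the EXAMPLE_OTHER_EVENT name are constructed for illustration.

```python
import json
from collections import defaultdict

def make_event(host, rule, status, controls, key, expected, actual,
               name="SECURITY_BASELINE_EVENT"):
    """Build a constructed event using the field layout of the example event."""
    return json.dumps({
        "header": {"event_name": name, "time_seconds_epoch": 1600121376},
        "event_attributes": {
            "module": "all_rules", "rule": rule, "status": status,
            "references": {"800-53r4": controls},
            "result_details": [{"result_key_checked": key,
                                "result_expected": expected,
                                "result_actual": actual}]},
        "host_info": {"host_name": host}})

# Constructed sample log, one JSON event per line (assumed delivery format).
SAMPLE_LOG = "\n".join([
    make_event("host-a", "pwpolicy_special_character_enforce", "fail",
               ["IA-5(1)(a)"], "minComplexChars", "1", ""),
    make_event("host-a", "example_rule_passing", "pass", ["EXAMPLE-1"], "exampleKey", "1", "1"),
    make_event("host-b", "example_rule_unmapped", "fail", [], "exampleKey", "1", "0"),
    make_event("host-b", "example_rule_other", "fail", ["EXAMPLE-1"], "exampleKey", "1", "0",
               name="EXAMPLE_OTHER_EVENT"),
    '{"header": {"event_name": "SECURITY_BASELINE_EV',  # truncated write
])

def failed_rules(log_text):
    """Map each 800-53r4 control to (host, rule, key, expected, actual) failures."""
    by_control = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(event, dict):
            continue
        if event.get("header", {}).get("event_name") != "SECURITY_BASELINE_EVENT":
            continue
        attrs = event.get("event_attributes", {})
        if attrs.get("status") != "fail":
            continue
        host = event.get("host_info", {}).get("host_name", "unknown")
        # A failed rule without a control reference is kept under "unmapped".
        controls = attrs.get("references", {}).get("800-53r4") or ["unmapped"]
        for detail in attrs.get("result_details") or [{}]:
            finding = (host, attrs.get("rule"), detail.get("result_key_checked"),
                       detail.get("result_expected"), detail.get("result_actual"))
            for control in controls:
                by_control[control].append(finding)
    return dict(by_control)
```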