U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Big Sur Guidance Revision 7.0 Checklist Details (Checklist Revisions)

SCAP 1.3 Content:

Supporting Resources:

Target:

Target CPE Name
Apple macOS 11.0 (Big Sur) cpe:/o:apple:macos:11.0 (View CVEs)

Checklist Highlights

Checklist Name:
Big Sur Guidance
Checklist ID:
974
Version:
Revision 7.0
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: NIST, macOS Security Compliance Project
Original Publication Date:
06/27/2023

Checklist Summary:

Included in this release are updated guidance documents (HTML, PDF, XLS, SCAP) for the NIST SP 800-53r5 Low, Moderate, and High, NIST 800-171, DISA-STIG, CIS Benchmarks Level 1 and 2, and CIS Critical Security Controls Version 8 baselines for macOS Big Sur (11.0). Additional resources can be found at the macOS Security Compliance Project Github https://github.com/usnistgov/macos_security

Checklist Role:

  • Client Operating System
  • Desktop Operating System
  • Server Operating System

Known Issues:

A document containing known issues with the SCAP can be found with the release files.

Target Audience:

This document has been created for IT professionals, particularly system administrators and information security personnel (security managers, engineers, administrators, etc.) who are responsible for securing or maintaining the security of macOS Big Sur 11.0 systems. Auditors and others who need to assess the security of systems may also find this publication useful. The document assumes that the reader has experience installing and administering macOS based systems.

Target Operational Environment:

  • Managed
  • Standalone

Testing Information:

Created and tested on macOS Big Sur (11.0) The SCAP content has been validated with NIST SCAP Validation Tool.

Regulatory Compliance:

The recommendations are consistent with the security control baselines advocated in NIST SP 800-53 Rev 5 (NIST FISMA implementation project publication).

Comments/Warnings/Miscellaneous:

Do not attempt to implement any of the settings without first testing them in a non-operational environment. These recommendations have only been tested on macOS Catalina 10.15. These settings may be applicable to other macOS systems; however, NIST has not tested other macOS based systems with these settings. Certain configuration profiles (Smartcards), when applied could leave a system in a state where a user can no longer login with a password. Please use caution when applying configuration settings to a system. If an MDM is already being leveraged, many of these profile settings may be available through the vendor These recommendations were developed at the National Institute of Standards and Technology, which collaborated with NASA, DoD, LANL, and Apple. NIST assumes no responsibility whatsoever for their use by other parties, and makes no guarantees, expressed or implied, about their quality, reliability, or any other characteristic. We would appreciate acknowledgement if the recommendations are used.

Disclaimer:

THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.

Product Support:

Not provided.

Point of Contact:

There is a public GitHub where issues and inquiries of general use and support can be raised https://github.com/usnistgov/macos_security

Sponsor:

NIST

Licensing:

This work includes contributions from the United States Government, members of the public, and Apple Inc. Except as otherwise noted, this work is licensed under Creative Commons Attribution 4.0 International Public License

Change History:

updated status to FINAL - 12/12/2020
Updates to fixes for multiple rules
null
Support for NIST 800-53 Revision 5 added
Updated rules and CIS Critical Security Controls version 8 references and additional baselines included.
Added CIS Benchmarks, updated checks
Updated checks, new rules, and removed rules.
Small changes and fixes to the previous version.
Updated checklist per NIST - 6/28/23
Updated checklist per NIST - 4/30/24

Dependency/Requirements:

URL Description

References:

Reference URL Description
https://github.com/usnistgov/macos_security macOS Security Compliance Project

NIST checklist record last modified on 04/30/2024