macos_security/baselines/nlmapgov_plus.yaml at 7add53f768c014c19a46a8f35f18a8b226d6d396 · root3nl/macos_security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
title: "iOS/iPadOS 26.0: Security Configuration - NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus)"
description: |
  This guide describes the actions to take when securing a iOS/iPadOS 26.0 system against the NLMAPGOV - Nederlandse Maatregelenset Apple Platformen Overheid (plus) security baseline.

  Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios.
authors: |
  *macOS Security Compliance Project*

  |===
  |Jordy Witteman|Root3
  |Aron van den Herik|Root3
  |===
parent_values: "nlmapgov_plus"
profile:
  - section: "icloud"
    rules:
      - icloud_keychain_disable
      - icloud_managed_apps_store_data_disabled
  - section: "ios"
    rules:
      - os_airdrop_unmanaged_destination_enable
      - os_allow_documents_managed_sources_unmanaged_destinations_disable
      - os_apple_watch_wrist_detection_enable
      - os_authentication_password_autofill_enable
      - os_background_security_improvement_install_enable
      - os_background_security_improvement_removal_disable
      - os_diagnostics_reports_disable
      - os_disallow_enterprise_app_trust
      - os_external_intelligence_integration_sign_in_disable
      - os_force_date_and_time_enable
      - os_force_encrypted_backups_enable
      - os_install_configuration_profile_disable
      - os_install_vpn_configuration_disable
      - os_iphone_mirroring_disable
      - os_limit_ad_tracking_enable
      - os_mail_maildrop_disable
      - os_mail_move_messages_disable
      - os_marketplace_prevent
      - os_on_device_dictation_enforce
      - os_on_device_translation_enforce
      - os_personalized_advertising_disable
      - os_require_managed_pasteboard_enforce
      - os_safari_cookies_set
      - os_safari_force_fraud_warning_enable
      - os_software_update_download_enforce
      - os_software_update_install_enforce
      - os_ssl_for_exchange_activesync_enable
      - os_supervised_mdm_require
      - os_unpaired_boot_disable
      - os_untrusted_tls_disable
      - os_usb_accessories_when_locked_disable
      - os_web_distribution_app_installation_disable
  - section: "passwordpolicy"
    rules:
      - pwpolicy_force_pin_enable
      - pwpolicy_minimum_length_enforce
      - pwpolicy_simple_sequence_disable