Welcome to the macOS Hardening Interface

Global progress - 15/54

27%

Goal progress - 15/50

30%

#	Mode	Name	Severity	UIX impact	Default Value	Recommended Value
Filter
Updates
1001	Basic	Software Update : Automatically check new software updates	Medium	No impact	`true`	`true`
Software Update : Automatically check new software updates AutomaticUpdates Introduction Auto Update verifies that your system has the newest security patches and software updates. If "Automatically check for updates" is not selected background updates for new malware definition files from Apple for XProtect and Gatekeeper will not occur. Read more > Graphical Method 1. Open System Preferences 2. Select Software Update 3. Select Advanced 4. Verify that « Check for updates » is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.SoftwareUpdate` RegistryItem : `AutomaticCheckEnabled` Values Type : Possible Values : More Informations Potential impact Without automatic update, updates may not be made in a timely manner and the system will be exposed to additional risk. Advices It is important that a system has the newest updates applied so as to prevent unauthorized persons from exploiting identified vulnerabilities. Notes
1002	Basic	Software Update : Automatically download new software updates	Medium	No impact	`true`	`true`
Software Update : Automatically download new software updates AutomaticUpdateDownload Introduction This policy download new updates automaticly Read more > Graphical Method 1. Open System Preferences 2. Select Software Update 3. Select Advanced 4. Verify that « Download new updates when available » is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.SoftwareUpdate` RegistryItem : `AutomaticDownload` Values Type : Possible Values : More Informations Potential impact If "Download new updates when available" is not selected, updates may not made in a timely manner and the system will be exposed to additional risk. Advices It is important that a system has the newest updates applied so as to prevent unauthorized persons from exploiting identified vulnerabilities.
1003	Basic	Software Update : Enable system data files updates install	Medium	No impact	`true`	`true`
Software Update : Enable system data files updates install Updates Install Introduction This policy install and update system data files Read more > Graphical Method 1. Open System Preferences 2. Select Software Updates 3. Select Advanced 4. Verify that Install system data files and security updates is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.SoftwareUpdate` RegistryItem : `ConfigDataInstall` Values Type : Possible Values : More Informations Potential impact Unpatched software may be exploited. Advices Patches need to be applied in a timely manner to reduce the risk of vulnerabilities being exploited.
1004	Basic	Software Update : Enable security updates install	Medium	No impact	`true`	`true`
Software Update : Enable security updates install Updates Install Security Introduction This policy allow security updates/installation Read more > Graphical Method 1. Open System Preferences 2. Select Software Updates 3. Select Advanced 4. Verify that Install system data files and security updates is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.SoftwareUpdate` RegistryItem : `CriticalUpdateInstall` Values Type : Possible Values : More Informations Potential impact Unpatched software may be exploited. Advices Patches need to be applied in a timely manner to reduce the risk of vulnerabilities being exploited.
1005	Basic	Software Update : Automatically install macOS updates	Medium	No impact	`false`	`true`
Software Update : Automatically install macOS updates AutomaticUpdates Install Introduction This policy install MacOS updates automaticly Read more > Graphical Method 1. Open System Preferences 2. Select Software Update 3. Select Advanced 4. Verify that « Install MacOS updates » is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.SoftwareUpdate` RegistryItem : `AutomaticallyInstallMacOSUpdates` Values Type : Possible Values : More Informations Potential impact Unpatched software may be exploited. Advices Patches need to be applied in a timely manner to reduce the risk of vulnerabilities being exploited.
1100	Basic	AppStore : Automatically keep apps up to date from app store	Medium	No impact	`false`	`true`
AppStore : Automatically keep apps up to date from app store AutomaticUpdates Install Apps Introduction This policy install apps from AppStore updates automaticly Read more > Graphical Method 1. Open System Preferences 2. Select Software Update 3. Select Advanced 4. Verify that « Install apps updates from AppStore » is selected Table of settings UIX No impact : `0` Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.commerce` RegistryItem : `AutoUpdate` Values Type : Possible Values : More Informations Potential impact Unpatched software may be exploited. Advices Patches need to be applied in a timely manner to reduce the risk of vulnerabilities being exploited.
Login/Logout
2000	Basic	Sleep : AC display sleep timer	Medium	Impact	`10`	`5`
Sleep : AC display sleep timer Battery Sleep Display Introduction This policy turn off the display after a time of inactivity when your computer is using his battery. Read more > Graphical Method 1. Open System Preferences 2. Select Battery 3. Select Power Adapter 4. Verify that « Turn display off after : “ is set to 5 Table of settings UIX Impact : `2` Method Method : `PlistBuddy` Registry RegistryPath : `/Library/Preferences/com.apple.PowerManagement.plist` RegistryItem : `'AC Power':'Display Sleep Timer'` Values Type : Possible Values : More Informations
2001	Basic	Sleep : Battery display sleep timer	Medium	Impact	`2`	`2`
Sleep : Battery display sleep timer Battery Sleep Display Introduction This policy turn off the display after a time of inactivity when your computer is charging. Read more > Graphical Method 1. Open System Preferences 2. Select Battery 3. Select Battery 4. Verify that “Turn display off after : “ is set to 2 Table of settings UIX Impact : `2` Method Method : `PlistBuddy` Registry RegistryPath : `/Library/Preferences/com.apple.PowerManagement.plist` RegistryItem : `'Battery Power':'Display Sleep Timer'` Values Type : Possible Values : More Informations
2100	Basic	Screen Saver : Enable prompt for a password on screen saver	High	Impact	`false`	`true`
Screen Saver : Enable prompt for a password on screen saver Password Sleep Introduction This policy ask for a password after sleep or screen saver begins Read more > Graphical Method 1. Open System Preferences 2. Select Security & Privacy 3. Verify that “Require password after sleep or screen saver begin“ is selected Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.screensaver` RegistryItem : `askForPassword` Values Type : Possible Values : More Informations
2101	Basic	Screen Saver : Set password delay	High	Impact		`0`
Screen Saver : Set password delay Password Sleep Timer Introduction This policy set the time after the password is asked Read more > Graphical Method 1. Open System Preferences 2. Select Security & Privacy 3. Verify that “Require password after sleep or screen saver begin“ is set to immediately Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.screensaver` RegistryItem : `askForPasswordDelay` Values Type : Possible Values : More Informations Advices If true, the user is prompted for a password when the screen saver is unlocked or stopped. When you use this prompt, you must also provide askForPasswordDelay. Available in macOS 10.13 and later. Default: false
2102	Basic	Screen Saver : Set an inactivity interval for the screen saver	Medium	Impact	`1200`	`1200`
Screen Saver : Set an inactivity interval for the screen saver Screen Saver Introduction This policy set an inactivity interval before Screen saver Read more > Graphical Method 1. Open System Preferences 2. Desktop & ScreenSaver 3. Verify that “Show Screen saver after “ is set to 20 minutes Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.screensaver` RegistryItem : `idleTime` Values Type : Possible Values : More Informations Advices The number of seconds to delay before the password will be required to unlock or stop the screen saver (the grace period). A value of 2147483647 (for example, 0x7FFFFFFF) disables this requirement. To use this option, you must set askForPassword to true. Available in macOS 10.13 and later.
21031	Basic	Screen Saver : Secure screen saver corners (top-left)	Medium	Impact	`0`	`0`
Screen Saver : Secure screen saver corners (top-left) Hot corners Introduction Hot Corners can be configured to disable the screen saver by moving the mouse cursor to a corner of the screen. Read more > Graphical Method 1. Open System Preferences 2. Select Desktop & Screen Saver 3. Select Screen Saver 4. Select Hot Corners... and verify that Disable Screen Saver is not set Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.dock` RegistryItem : `wvous-tl-corner` Values Type : Possible Values : More Informations Potential impact If the screensaver is not set users may leave the computer available for an unauthorized person to access information. Advices Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extensive period of time.
21032	Basic	Screen Saver : Secure screen saver corners (bottom-left)	Medium	Impact	`0`	`0`
Screen Saver : Secure screen saver corners (bottom-left) Hot corners Introduction Hot Corners can be configured to disable the screen saver by moving the mouse cursor to a corner of the screen. Read more > Graphical Method 1. Open System Preferences 2. Select Desktop & Screen Saver 3. Select Screen Saver 4. Select Hot Corners... and verify that Disable Screen Saver is not set Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.dock` RegistryItem : `wvous-bl-corner` Values Type : Possible Values : More Informations Potential impact If the screensaver is not set users may leave the computer available for an unauthorized person to access information. Advices Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extensive period of time.
21033	Basic	Screen Saver : Secure screen saver corners (top-right)	Medium	Impact	`0`	`0`
Screen Saver : Secure screen saver corners (top-right) Hot corners Introduction Hot Corners can be configured to disable the screen saver by moving the mouse cursor to a corner of the screen. Read more > Graphical Method 1. Open System Preferences 2. Select Desktop & Screen Saver 3. Select Screen Saver 4. Select Hot Corners... and verify that Disable Screen Saver is not set Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.dock` RegistryItem : `wvous-tr-corner` Values Type : Possible Values : More Informations Potential impact If the screensaver is not set users may leave the computer available for an unauthorized person to access information. Advices Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extensive period of time.
21034	Basic	Screen Saver : Secure screen saver corners (bottom-right)	Medium	Impact	`0`	`0`
Screen Saver : Secure screen saver corners (bottom-right) Hot corners Introduction Hot Corners can be configured to disable the screen saver by moving the mouse cursor to a corner of the screen. Read more > Graphical Method 1. Open System Preferences 2. Select Desktop & Screen Saver 3. Select Screen Saver 4. Select Hot Corners... and verify that Disable Screen Saver is not set Table of settings UIX Impact : `2` Method Method : `Registry` Registry RegistryPath : `com.apple.dock` RegistryItem : `wvous-br-corner` Values Type : Possible Values : More Informations Potential impact If the screensaver is not set users may leave the computer available for an unauthorized person to access information. Advices Setting an inactivity interval for the screensaver prevents unauthorized persons from viewing a system left unattended for an extensive period of time.
2200		Policy Banner : Enable Policy Banner	Low	Not defined
Policy Banner : Enable Policy Banner Introduction Read more > Table of settings UIX Not defined : Values Type : Possible Values : More Informations
2300		Logout : Set Logout delay	High	Not defined		`3600`
Logout : Set Logout delay Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/.GlobalPreferences` RegistryItem : `com.apple.autologout.AutoLogOutDelay` Values Type : Possible Values : More Informations
2400		Windows text : Set Login Window Text	Low	Not defined		`Protected by Cyberlib`
Windows text : Set Login Window Text Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.loginwindow` RegistryItem : `LoginwindowText` Values Type : Possible Values : More Informations
2500		Automatic login : Disable automatic login	Medium	Not defined	`false`	`false`
Automatic login : Disable automatic login Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.loginwindow` RegistryItem : `autoLoginUser` Values Type : Possible Values : More Informations
2600		Console : Disable console logon from the logon screen	Medium	Not defined	`false`	`true`
Console : Disable console logon from the logon screen Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.loginwindow` RegistryItem : `DisableConsoleAccess` Values Type : Possible Values : More Informations
2700		Remote Login : Disable Remote Login		Not defined	`off`	`off`
Remote Login : Disable Remote Login Introduction Read more > Table of settings UIX Not defined : Method Method : `systemsetup` Values Type : Possible Values : More Informations
User Preferences
3000		iCloud : iCloud configuration	High	Not defined	`ND`	`1`
iCloud : iCloud configuration Introduction Read more > Table of settings UIX Not defined : Method Method : `PlistBuddy` Registry RegistryPath : `~/Library/Preferences/MobileMeAccounts.plist` RegistryItem : `Accounts:0:LoggedIn` Values Type : Possible Values : More Informations
3001		iCloud : Enable Find my Mac	High	Not defined	`0`	`2`
iCloud : Enable Find my Mac Introduction Read more > Table of settings UIX Not defined : Method Method : `nvram` Values Type : Possible Values : More Informations
3100		Bluetooth : Disable Bluetooth	Low	Not defined	`true`	`false`
Bluetooth : Disable Bluetooth Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.Bluetooth` RegistryItem : `ControllerPowerState` Values Type : Possible Values : More Informations
3101		Bluetooth : Show Bluetooth status in menu bar	Low	Not defined	`24`	`18`
Bluetooth : Show Bluetooth status in menu bar Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `com.apple.controlcenter.plist` RegistryItem : `Bluetooth` Values Type : Possible Values : More Informations
3102		Bluetooth : Disable Bluetooth Sharing	Low	Not defined	`false`	`false`
Bluetooth : Disable Bluetooth Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `com.apple.Bluetooth` RegistryItem : `PrefKeyServicesEnabled` Values Type : Possible Values : More Informations
3200		Finder : Show hidden files in Finder	Medium	Not defined	`NO`	`YES`
Finder : Show hidden files in Finder Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.finder` RegistryItem : `AppleShowAllFiles` Values Type : Possible Values : More Informations
3201		Finder : Display all files extentions	Medium	Not defined	`false`	`true`
Finder : Display all files extentions Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `NSGlobalDomain` RegistryItem : `AppleShowAllExtensions` Values Type : Possible Values : More Informations
3202		Finder : Show status bar	Low	Not defined	`false`	`true`
Finder : Show status bar Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `com.apple.finder` RegistryItem : `ShowStatusBar` Values Type : Possible Values : More Informations
3400		Date and Time : Set time and date automatically	High	Not defined		`time.apple.com`
Date and Time : Set time and date automatically Introduction Read more > Table of settings UIX Not defined : Method Method : `systemsetup` Values Type : Possible Values : More Informations
3500		Sharing : Remote Apple Events	Medium	Not defined	`off`	`off`
Sharing : Remote Apple Events Introduction Read more > Table of settings UIX Not defined : Method Method : `systemsetup` Values Type : Possible Values : More Informations
3501		Sharing : Internet Sharing	Medium	Not defined	`0`	`0`
Sharing : Internet Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `PlistBuddy` Registry RegistryPath : `/Library/Preferences/SystemConfiguration/com.apple.nat.plist` RegistryItem : `NAT:Enabled` Values Type : Possible Values : More Informations
3502		Sharing : Disable Screen Sharing	Medium	Not defined	`disable`	`disable`
Sharing : Disable Screen Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `launchctl` Values Type : Possible Values : More Informations
3503		Sharing : Disable File Sharing	Medium	Not defined	`disable`	`disable`
Sharing : Disable File Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `launchctl` Values Type : Possible Values : More Informations
3504		Sharing : Disable DVD or CD Sharing	Medium	Not defined	`disable`	`disable`
Sharing : Disable DVD or CD Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `launchctl` Values Type : Possible Values : More Informations
3505		Sharing : Disable Media Sharing	Medium	Not defined	`0`	`0`
Sharing : Disable Media Sharing Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `com.apple.amp.mediasharingd` RegistryItem : `home-sharing-enabled` Values Type : Possible Values : More Informations
3600		Location : Enable Location Services	Medium	Not defined	`disable`	`enable`
Location : Enable Location Services Introduction Read more > Table of settings UIX Not defined : Method Method : `launchctl` Values Type : Possible Values : More Informations
3700		Diagnostic : Disable sending diagnostic and usage data to Apple	Medium	Not defined		`false`
Diagnostic : Disable sending diagnostic and usage data to Apple Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Application\ Support/CrashReporter/DiagnosticMessagesHistory` RegistryItem : `AutoSubmit` Values Type : Possible Values : More Informations
3701		Diagnostic : Share with App Developers	Medium	Not defined		`false`
Diagnostic : Share with App Developers Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Application\ Support/CrashReporter/DiagnosticMessagesHistory` RegistryItem : `ThirdPartyDataSubmit` Values Type : Possible Values : More Informations
3800		Advertisements : Limit Ad tracking and personalized Ads	Medium	Not defined		`false`
Advertisements : Limit Ad tracking and personalized Ads Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `~/Library/Preferences/com.apple.AdLib` RegistryItem : `allowApplePersonalizedAdvertising` Values Type : Possible Values : More Informations
Protections
4000		Systeme intergrity protection : Enable Systeme intergrity protection	High	Not defined	`enable`	`enable`
Systeme intergrity protection : Enable Systeme intergrity protection Introduction Read more > Table of settings UIX Not defined : Method Method : `csrutil` Values Type : Possible Values : More Informations
4100		Gatekeeper : Enable Gatekeeper	High	Not defined	`enable`	`enable`
Gatekeeper : Enable Gatekeeper Introduction Read more > Table of settings UIX Not defined : Method Method : `spctl` Values Type : Possible Values : More Informations
4200		Secure Keyboard Entry : Enable Secure Keyboard Entry in terminal.app	Medium	Not defined	`false`	`true`
Secure Keyboard Entry : Enable Secure Keyboard Entry in terminal.app Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `-app Terminal` RegistryItem : `SecureKeyboardEntry` Values Type : Possible Values : More Informations
Encryption
5000		FileVault : Enable FileVault	High	Not defined	`disable`	`enable`
FileVault : Enable FileVault Introduction Read more > Table of settings UIX Not defined : Method Method : `fdesetup` Values Type : Possible Values : More Informations
Network
6000		Firewall : Enable Firewall	High	Not defined	`0`	`1`
Firewall : Enable Firewall Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.alf` RegistryItem : `globalstate` Values Type : Possible Values : More Informations
6001		Firewall : Enable logging	Low	Not defined	`true`	`true`
Firewall : Enable logging Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.alf` RegistryItem : `loggingenabled` Values Type : Possible Values : More Informations
6002		Firewall : Enable Enable Stealth Mode	Medium	Not defined	`false`	`true`
Firewall : Enable Enable Stealth Mode Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.alf` RegistryItem : `stealthenabled` Values Type : Possible Values : More Informations
6003		Firewall : Disable automatic software whitelisting	Medium	Not defined	`true`	`false`
Firewall : Disable automatic software whitelisting Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.alf` RegistryItem : `allowsignedenabled` Values Type : Possible Values : More Informations
6004		Firewall : Disable automatic signed software whitelisting	Medium	Not defined	`true`	`false`
Firewall : Disable automatic signed software whitelisting Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/com.apple.alf` RegistryItem : `allowdownloadsignedenabled` Values Type : Possible Values : More Informations
6005		Firewall : Disable captive portal	Medium	Not defined	`true`	`false`
Firewall : Disable captive portal Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `/Library/Preferences/SystemConfiguration/com.apple.captive.control` RegistryItem : `Active` Values Type : Possible Values : More Informations
6100		Remote Management : Disable Remote Management	Medium	Not defined		`disable`
Remote Management : Disable Remote Management Introduction Read more > Table of settings UIX Not defined : Method Method : `kickstart` Values Type : Possible Values : More Informations
6200		Power Nap : Disable Power Nap	Medium	Not defined	`0`	`0`
Power Nap : Disable Power Nap Introduction Read more > Table of settings UIX Not defined : Method Method : `pmset` Values Type : Possible Values : More Informations
Cache
7000		Disable Content Caching	Medium	Not defined	`deactivate`	`deactivate`
Disable Content Caching Introduction Read more > Table of settings UIX Not defined : Method Method : `AssetCacheManagerUtil` Values Type : Possible Values : More Informations
Siri
8000		Disable Siri	Low	Not defined		`false`
Disable Siri Introduction Read more > Table of settings UIX Not defined : Method Method : `Registry` Registry RegistryPath : `com.apple.assistant.support.plist` RegistryItem : `'Assistant Enabled'` Values Type : Possible Values : More Informations

Welcome to the macOS Hardening Interface

Updates

Software Update : Automatically check new software updates

Introduction

Graphical Method

Table of settings

UIX

Method

Method :

Registry

RegistryPath :

RegistryItem :

Values

Type :

Possible Values :

More Informations

Potential impact

Advices

Notes

Software Update : Automatically download new software updates

Introduction

Graphical Method

Table of settings

UIX

Method

Method :

Registry

RegistryPath :

RegistryItem :

Values

Type :

Possible Values :

More Informations

Potential impact

Advices

Software Update : Enable system data files updates install

Introduction

Graphical Method

Table of settings

UIX

Method

Method :

Registry

RegistryPath :

RegistryItem :

Values

Type :

Possible Values :

More Informations

Potential impact

Advices

Software Update : Enable security updates install

Introduction

Graphical Method

Table of settings

UIX

Method

Method :

Registry

RegistryPath :

RegistryItem :

Values

Type :

Possible Values :

More Informations

Potential impact

Advices

Software Update : Automatically install macOS updates

Introduction

Graphical Method

Table of settings

UIX

Method

Method :

Registry

RegistryPath :

RegistryItem :

Values

Type :

Possible Values :