![For For](/uploads/1/2/5/5/125501521/967950702.png)
INFO: Refers to document CISAppleOSX10.12Benchmarkv1.0.0.pdf, available at USAGE: 1SetOrganizationPriorities Policy: Generally 'Once per computer' unless organizational values change. Admins set organizational compliance for each listed item, which gets written to plist. The values default to 'true,' meaning if an organization wishes to disregard a given item they must set the value to false by changing the associated comment: OrgScore11='true' or OrgScore11='false' The script writes to /Library/Application Support/SecurityScoring/orgsecurityscore.plist by default.
NOTES: Item '1.1 Verify all Apple provided software is current' is disabled by default. Item '5.6 Enable OCSP and CRL certificate checking' is disabled by default. 2SecurityAuditCompliance Policy: Some recurring trigger to track compliance over time. Reads the plist at /Library/Application Support/SecurityScoring/orgsecurityscore.plist. For items prioritized (listed as 'true,') the script queries against the current computer/user environment to determine compliance against each item. Non-compliant items are recorded at /Library/Application Support/SecurityScoring/orgaudit 2.5AuditList Extension Attribute Set as Data Type 'String.'
Jul 6, 2016 - Learning Git is essential if you want to be an advanced developer. We show how to set up, learn and use Git and GitHub on your Mac.
Reads contents of /Library/Application Support/SecurityScoring/orgaudit file and records to Jamf Pro inventory record. 2.6AuditCount Extension Attribute Set as Data Type 'Integer.' Reads contents of /Library/Application Support/SecurityScoring/orgaudit file and records count of items to Jamf Pro inventory record.
Usable with smart group logic (2.6AuditCount greater than 0) to immediately determine computers not in compliance. 3SecurityRemediation Policy: Some recurring trigger to enforce compliance over time. Reads the plist at /Library/Application Support/SecurityScoring/orgsecurityscore.plist. For items prioritized (listed as 'true,') the script applies recommended remediation actions for the client/user. SCORED CIS EXCEPTIONS:.
Does not implement pwpolicy commands (5.2.1 - 5.2.8). Audits but does not actively remediate (due to alternate profile/policy functionality within Jamf Pro):. 2.4.4 Disable Printer Sharing. 2.6.1 Enable FileVault. 2.7.4 iCloud Drive Document sync.
2.7.5 iCloud Drive Desktop sync. 2.11 Java 6 is not the default Java runtime.
5.12 Create a custom message for the Login Screen. 5.13 Create a Login window banner.