| Check | Status | Finding | Evidence |
|---|---|---|---|
| Password manager<br>SOC 2 CC6.1 | Pass | Bitwarden | `$ ls -d /Applications/Bitwarden.app`<br>`/Applications/Bitwarden.app` |
| Disk encryption<br>SOC 2 CC6.1 · CC6.7 | Pass | on | `$ fdesetup status`<br>`FileVault is On.` |
| Screen lock<br>SOC 2 CC6.1 | Pass | 5 min | `$ defaults read com.apple.screensaver askForPassword`<br>`1`<br>`$ defaults read com.apple.screensaver askForPasswordDelay`<br>`300` |
| Antivirus / EDR<br>SOC 2 CC6.8 · CC7.1 | Warn | XProtect only (built-in) → third-party AV/EDR | `$ ls -d /Library/Apple/System/Library/CoreServices/XProtect.app`<br>`/Library/Apple/System/Library/CoreServices/XProtect.app` |
| Application firewall<br>SOC 2 CC6.6 | Pass | on | `$ /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`<br>`Firewall is enabled. (State = 1)` |
| Gatekeeper<br>SOC 2 CC6.8 | Pass | enabled | `$ spctl --status`<br>`assessor: enabled` |
| System integrity (SIP)<br>SOC 2 CC6.8 | Fail | disabled → enabled | `$ csrutil status`<br>`System Integrity Protection status: disabled.` |
| Remote login (SSH)<br>SOC 2 CC6.6 | Pass | off | `$ launchctl print system/com.openssh.sshd`<br>(no output) |
| Local admin rights<br>SOC 2 CC6.3 | Pass | standard user | `$ id`<br>`uid=502(alice) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts)` |
| Guest account<br>SOC 2 CC6.1 | Pass | disabled | `$ defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled`<br>`0` |
| Automatic login<br>SOC 2 CC6.1 | Pass | disabled | `$ defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser`<br>(no output) |
| Touch ID for sudo<br>SOC 2 CC6.1 · CC6.3 | Pass | enabled | `$ cat /etc/pam.d/sudo_local`<br>`auth sufficient pam_tid.so`<br>`$ cat /etc/pam.d/sudo`<br>`# sudo: auth account password session`<br>`auth include sudo_local`<br>`auth sufficient pam_smartcard.so`<br>`auth required pam_opendirectory.so` |
| Sharing services<br>SOC 2 CC6.6 | Pass | all off | `$ launchctl list com.apple.smbd`<br>(no output)<br>`$ launchctl list com.apple.screensharing`<br>(no output)<br>`$ launchctl list com.apple.RemoteDesktopAgent`<br>(no output)<br>`$ launchctl list com.apple.InternetSharing`<br>(no output) |
| AirDrop<br>SOC 2 CC6.6 | Pass | Off | `$ defaults read com.apple.sharingd DiscoverableMode`<br>`Off` |
| Automatic OS updates<br>SOC 2 CC6.8 | Pass | on | `$ defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled`<br>`1` |
| OS patch status<br>SOC 2 CC6.8 | Pass | 15.4.1 | `$ sw_vers -productVersion`<br>`15.4.1`<br>`$ defaults read /Library/Preferences/com.apple.SoftwareUpdate PendingUpdateCount`<br>`0` |

| Check | SOC 2 | ISO 27001 | NIST CSF | CIS v8 |
|---|---|---|---|---|
| Password manager | CC6.1 | A.5.17 · A.8.5 | PR.AC-1 · PR.AC-7 | 5.2 · 5.4 |
| Disk encryption | CC6.1 · CC6.7 | A.8.3 · A.8.24 | PR.DS-1 · PR.DS-5 | 3.6 · 3.11 |
| Screen lock | CC6.1 | A.8.1 · A.8.5 | PR.AC-3 · PR.AC-7 | 4.3 |
| Antivirus / EDR | CC6.8 · CC7.1 | A.8.7 | DE.CM-4 · PR.PT-3 | 10.1 · 10.2 |
| Application firewall | CC6.6 | A.8.20 · A.8.22 | PR.AC-5 · DE.CM-1 | 4.5 · 12.1 |
| Gatekeeper | CC6.8 | A.8.7 · A.8.19 | PR.PT-3 · DE.CM-4 | 2.6 · 10.5 |
| System integrity (SIP) | CC6.8 | A.8.7 · A.8.9 | PR.PT-3 · PR.IP-1 | 2.5 · 10.5 |
| Remote login (SSH) | CC6.6 | A.8.20 · A.8.21 | PR.AC-5 · PR.AC-3 | 4.8 · 12.1 |
| Local admin rights | CC6.3 | A.5.15 · A.8.2 | PR.AC-4 | 5.4 · 5.5 |
| Guest account | CC6.1 | A.5.15 · A.8.5 | PR.AC-1 | 5.3 |
| Automatic login | CC6.1 | A.8.5 | PR.AC-1 · PR.AC-7 | 4.3 |
| Touch ID for sudo | CC6.1 · CC6.3 | A.5.17 · A.8.5 | PR.AC-7 | 6.3 · 6.5 |
| Sharing services | CC6.6 | A.8.20 · A.8.21 | PR.AC-5 · PR.PT-3 | 4.8 · 12.1 |
| AirDrop | CC6.6 | A.8.20 | PR.DS-5 | 3.14 · 12.1 |
| Automatic OS updates | CC6.8 | A.8.8 | PR.IP-12 · ID.RA-1 | 7.1 · 7.3 |
| OS patch status | CC6.8 | A.8.8 | PR.IP-12 · ID.RA-1 | 7.4 · 7.5 |