Sequoia Release 1.1 (#457)

[snoopy82481]

• refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

• refactor[rules]ccis added

New CCIs added to rules

• refactor[rules] SRGs added

New SRGs added to stig rules

• refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

• refactor[rules] Added, Removed, Updated rules

• os_authenticated_root_enable, updated check
• os_directory_services_configured, removed from stig
• os_ess_installed, removed from stig
• os_firewall_log_enable, removed from 15.x
• os_genmoji_disable, added 800-53 and stig
• os_image_generation_disable, added 800-53 and sti.yaml
• os_iphone_mirroring_disable
• os_password_autofill_disable, added 800-53 and sti
• os_ssh_fips_compliant, fixed check/fix
• os_ssh_server_alive_count_max_configure, fixed fix
• os_ssh_server_alive_interval_configure, fixed fix
• os_sshd_fips_compliant, fixed fix/check
• os_sudo_log_enforce, added 800-53 and stig
• os_writing_tools_disable, added 800-53 and sti
• pwpolicy_custom_regex_enforce, updated regex
• system_settings_ssh_enable, removed from stig

• refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

• refactor[rules]Added new STIG IDs

Added STIG ID to

• os_genmoji_disable
• os_image_generation_disable
• os_sudo_log_enforce
• os_writing_tools_disable

• Added new rule file

• Add APPL-15-002023

• added APPL-15-002024

• fix[rules] removed tags for rules removed

removed tags from rules removed from cis

• added os_time_server_enable back to cis

• Update Gitignore

• Updating CIS benchmark and tags in missed rules.

• refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

• refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

• Fixed ODV regression for CIS

• added missing path to grep

• removed [ ]

• Fix to not print, and fix multiple entries in .ssh/config

• added dev null redirection, prevention of double entries

• Fixed bin to dev and case insensitive sed

• 800-171 Rev 2 to Rev 3

• Updated media sharing key

• Updated STIG ID

• merge from sequoia

• refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

• slightly simplier fix. removed unneeded loop

• slightly simplier fix. removed unneeded loop

• Adjusting CIS numbering.

• fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

• fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

• fix[rule] added reference

Added reference to os_sudo_log_enforce

• refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title Modified system_settings_improve_siri_dictation_disable - updated title

• renamed .yml to .yaml

• changes for upcoming cis release

• refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

• added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

• refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

• refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

• udpdated baseline files

• [fix]system_settings_sleep_enforce sleep/displaysleep swap

• updated title

• fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue usnistgov#443

• Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

• Fixing Sleep/displaysleep numbers based on CIS changes.

• Fixing os_sleep_and_display_sleep_apple_silicon_enable

• Removing DRAFT status from CIS

• [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

• refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

• fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

• Update system_settings_improve_assistive_voice_disable

Issue usnistgov#450

• refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

• refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

• Issue STIG tag missing from system_settings_improve_assistive_voice_disable.yaml usnistgov/macos_security#450

• updated pwpolicy

• Added CCEs

• Removed double stig tag

• updated baseline files

• updated changelog

• removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

• updated changelog

• update[supplemental]: added 800-63 guidance
  fix[supplemental]: update note about filevault unlock

• refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue usnistgov#451

• refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

• updated release date and version

• Added uniq to prevent false negatives

• updated authors

• updated release date

---