CIS + STIG + NIST + Apple + Users = X.pdf

Jamf
November 13, 2019

Transcript

  1. © JAMF Software, LLC

    UP NEXT: CIS + STIG + NIST + Apple + Users = X, 9:00 - 9:45 a.m.
  2. Erin McDonald

    Senior Professional Services Engineer, Jamf
  3. CIS + STIG + NIST + Apple + Users = X

    Presentation agenda:
    • What is…
    • Intersections
    • Divergences
    • How to deploy
  4. Before we begin…
  5. What is… CIS

    • Center for Internet Security
    • Provides security guidelines for multiple OSes
    • Volunteer-built
  6. What is… STIG

    • Security Technical Implementation Guide
    • Released by DISA
    • Public resources available at https://public.cyber.mil/stigs/
  7. What is… NIST

    • National Institute of Standards and Technology
    • Agency within the US Dept of Commerce
    • Publicly available guidelines for securing macOS devices only reference macOS 10.12
  8. Where they agree

    • Encryption - FileVault 2
    • System Integrity Protection
    • ScreenSaver settings
    • Login Window banner
    • Firewall logging
  9. Where they agree

    • Display login window as name and password
    • Disable services such as file sharing, Bonjour, internet sharing
    • Disable root access
    • Enable audit logging and ensure proper permissions
  10. Where they agree

    • Disable auto login
    • Require password after sleep
    • Disable Remote Apple Events
    • Enable Gatekeeper
  11. Where they differ

    • Disable Wi-Fi
    • Disable unused network devices
    • Remove temp and emergency accounts after 72 hrs
    • Disable FaceTime, Messages, Camera
  12. Where they differ

    • iCloud settings
    • Enabling specific SSH settings
    • Disable iTunes File Sharing
    • Require smart cards
  13. Where they differ

    • Disable location services
    • Updates must come from DoD server
    • Install AV and network scanning tools
    • Real time alerts for audit failure
  14. Variables in the equation - Apple

    • Use Apple products on enterprise networks: https://support.apple.com/en-us/HT210060
    • Provides detail on hostnames, ports, and proxy support
  15. Variables in the equation - Apple

    Apple Certification Updates
    • FIPS 140-2 Level 2 validation for Apple Secure Enclave Processor (SEP) Secure Key Store Module, v9.0
    • https://support.apple.com/en-us/HT209632
  16. Variables in the equation - Apple

    Apple Certification Updates
    • August 1, 2019 - Apple has received ISO 27001 & 27018 certifications expanding to include Apple Push Notification Service (APNs), Apple Business Manager and Apple Business Chat services
  17. Variables in the equation - NIST

    Password Guidelines - TL;DR
    • 8 character minimum when a human sets it
    • 6 character minimum when set by a system/service
    • Support at least 64 characters maximum length
    • All ASCII characters (including space) should be supported
  18. Variables in the equation - NIST

    Password Guidelines - TL;DR, continued
    • Truncation of the secret (password) shall not be performed when processed
    • Check chosen password with known password dictionaries
    • Allow at least 10 password attempts before lockout
    • No complexity requirements
  19. Variables in the equation - NIST

    Password Guidelines - TL;DR, continued
    • No password expiration period
    • No password hints
    • No knowledge-based authentication (e.g. who was your best friend in high school?)
    • No SMS for 2FA (use a one-time password from an app like Google Authenticator)
  20. Variables in the equation - NIST

    Password Guidelines
    • FAQ for NIST Digital Identity Guidelines: https://pages.nist.gov/800-63-FAQ/
  21. Variables in the equation - Users
  22. Deploying - How to solve for X

    • Organization requirements
    • Understand implications of each setting
    • Audit first, then remediate small
    • Communicate security expectations / settings to users
  23. Deploying - How to solve for X

    • Jamf Protect Insights - Allows you to set which CIS Benchmarks you wish to audit against
  24. Deploying - How to solve for X

    • CIS Audit and Remediation: available at https://jamf.it/CIS
  25. Deploying - How to solve for X

    • STIG Audit and Remediation: available at https://jamf.it/STIG
  26. UP NEXT: An Insider’s Look at APU, 10:15 - 11:00 a.m.

    Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app.
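
The "Audit first, then remediate small" step from the deployment slide, sketched for four of the controls listed under "Where they agree" (FileVault 2, System Integrity Protection, Gatekeeper, auto login). This is an added example, not part of the deck and not Jamf's CIS or STIG scripts; the function names `evaluate`, `report` and `audit_host` are made up here, and it assumes the stock macOS tools `fdesetup`, `csrutil`, `spctl` and `defaults` run as root.

```bash
#!/bin/sh
# Added example: audit only. It reads state and reports; it changes no setting.

# evaluate CONTROL OUTPUT: print PASS or FAIL for one captured command output.
evaluate() {
  case "$1" in
    filevault)   # output of: fdesetup status
      case "$2" in "FileVault is On."*) echo PASS ;; *) echo FAIL ;; esac ;;
    sip)         # output of: csrutil status (a custom configuration fails)
      case "$2" in *"status: enabled.") echo PASS ;; *) echo FAIL ;; esac ;;
    gatekeeper)  # output of: spctl --status
      case "$2" in "assessments enabled"*) echo PASS ;; *) echo FAIL ;; esac ;;
    autologin)   # value of autoLoginUser; empty means the key is not set
      if [ -z "$2" ]; then echo PASS; else echo FAIL; fi ;;
    *) echo UNKNOWN ;;
  esac
}

# report FV SIP GK AUTOLOGIN: one line per control, then the failure count.
report() {
  set -- "$(evaluate filevault "$1")" "$(evaluate sip "$2")" \
         "$(evaluate gatekeeper "$3")" "$(evaluate autologin "$4")"
  printf 'FileVault 2: %s\nSystem Integrity Protection: %s\n' "$1" "$2"
  printf 'Gatekeeper: %s\nAuto login disabled: %s\n' "$3" "$4"
  failures=0
  for result in "$@"; do
    [ "$result" = PASS ] || failures=$((failures + 1))
  done
  echo "failures=$failures"
}

# audit_host: collect live output from the macOS tools and report on it.
audit_host() {
  fv="$(fdesetup status 2>&1 || true)"
  sip="$(csrutil status 2>&1 || true)"
  gk="$(spctl --status 2>&1 || true)"
  al="$(defaults read /Library/Preferences/com.apple.loginwindow \
        autoLoginUser 2>/dev/null || true)"
  report "$fv" "$sip" "$gk" "$al"
}

if command -v fdesetup >/dev/null 2>&1; then
  audit_host
else
  # Constructed sample outputs (not from a real host) for a dry run elsewhere.
  report "FileVault is On." \
    "System Integrity Protection status: enabled (Custom Configuration)." \
    "assessments disabled" ""
fi
```

The final `failures=N` line gives a single value to collect per device before any remediation is scoped.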