Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CIS + STIG + NIST + Apple + Users = X.pdf

Jamf
November 13, 2019
0
91

CIS + STIG + NIST + Apple + Users = X.pdf

Jamf

November 13, 2019
Tweet

More Decks by Jamf

See All by Jamf
MDM for Everyone
jamf
0
97
Off-boarding in a Modern Deployment
jamf
0
520
Sharing Control to Improve Process and Relationships
jamf
0
44
Roll Your Own Configuration Profiles
jamf
0
410
Teaching the Teacher: Leveraging Jamf and Apple Resources for Professional Development with iPad
jamf
0
73
Jamf@SAP: Journey to 100,000 Mobile Devices
jamf
0
200
What's in the Blue Bin: Recycled Malware
jamf
0
240
Who's Afraid of the Command Line
jamf
0
220
Your Internal Beta Test Program: Opt-in/Opt-out via Self Service
jamf
0
130

Featured

See All Featured
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
YesSQL, Process and Tooling at Scale
rocio
169
14k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Speed Design
sergeychernyshev
25
620
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k

Transcript

  1. © JAMF Software, LLC CIS + STIG + NIST +

    Apple + Users = X 9:00 - 9:45 a.m. UP NEXT
  2. None

  3. © JAMF Software, LLC Erin McDonald Senior Professional Services Engineer

    Jamf 275x275 head shot In session recording, Picture-in-Picture of you presenting will be placed here. Please don’t put anything especially important in this area.

  4. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. CIS + STIG + NIST + Apple + Users = X Presentation agenda: What is… Intersections Divergences How to deploy

  5. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Before we begin…

  6. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… CIS Center for Internet Security Provides security guidelines for multiple OSes Volunteer-built

  7. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… STIG Security Technical Implementation Guide Released by DISA Public resources available at https://public.cyber.mil/stigs/

  8. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… NIST National Institute of Standards and Technology Agency within the US Dept of Commerce Publicly available guidelines for securing macOS devices only reference macOS 10.12

  9. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they agree • Encryption - FileVault 2 • System Integrity Protection • ScreenSaver settings • Login Window banner • Firewall logging

  10. © JAMF Software, LLC Where they agree • Display login

    window as name and password • Disable services such as file sharing, Bonjour, internet sharing • Disable root access • Enable audit logging and ensure proper permissions

  11. © JAMF Software, LLC Where they agree • Disable auto

    login • Require password after sleep • Disable Remote Apple Events • Enable Gatekeeper

  12. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • Disable Wi-Fi • Disable unused network devices • Remove temp and emergency accounts after 72 hrs • Disable FaceTime, Messages, 
 Camera

  13. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • iCloud settings • Enabling specific SSH settings • Disable iTunes File Sharing • Require smart cards

  14. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • Disable location services • Updates must come from DoD server • Install AV and network scanning tools • Real time alerts for audit failure

  15. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Use Apple products on enterprise networks https://support.apple.com/en-us/HT210060 Provides detail on hostnames, ports, and proxy support

  16. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Apple Certification Updates FIPS 140-2 Level 2 validation for Apple Secure Enclave Processor (SEP) Secure Key Store Module, v9.0 https://support.apple.com/en-us/HT209632

  17. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Apple Certification Updates August 1, 2019 - Apple has received ISO 27001 & 27018 certifications expanding to include Apple Push Notification Service (APNs), Apple Business Manager and Apple Business Chat services

  18. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR • 8 character minimum when a human sets it • 6 character minimum when set by a system/service • Support at least 64 characters maximum length • All ASCII characters (including space) should be supported

  19. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR, continued • Truncation of the secret (password) shall not be performed when processed • Check chosen password with known password dictionaries • Allow at least 10 password attempts before lockout • No complexity requirements

  20. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR, continued • No password expiration period • No password hints • No knowledge-based authentication (e.g. who was your best friend in high school?) • No SMS for 2FA (use a one-time password from an app like Google Authenticator)

  21. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines FAQ for NIST Digital Identity Guidelines https://pages.nist.gov/800-63-FAQ/

  22. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Users

  23. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Deploying - How to solve for X Organization requirements Understand implications of each setting Audit first, then remediate small Communicate security expectations / settings to users

  24. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Jamf Protect Insights - Allows you to set 
 which CIS Benchmarks you wish to audit against Deploying - How to solve for X

  25. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. 780 px 650 px CIS Audit and Remediation Available at https://jamf.it/CIS Deploying - How to solve for X

  26. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. 780 px 650 px STIG Audit and Remediation Available at https://jamf.it/STIG Deploying - How to solve for X

  27. © JAMF Software, LLC UP NEXT An Insider’s Look at

    APU 10:15 - 11:00 a.m. Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app.