Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CIS + STIG + NIST + Apple + Users = X.pdf

Jamf
November 13, 2019
90

CIS + STIG + NIST + Apple + Users = X.pdf

Jamf

November 13, 2019
Tweet

Transcript

  1. © JAMF Software, LLC CIS + STIG + NIST +

    Apple + Users = X 9:00 - 9:45 a.m. UP NEXT
  2. © JAMF Software, LLC Erin McDonald Senior Professional Services Engineer

    Jamf 275x275 head shot In session recording, Picture-in-Picture of you presenting will be placed here. Please don’t put anything especially important in this area.
  3. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. CIS + STIG + NIST + Apple + Users = X Presentation agenda: What is… Intersections Divergences How to deploy
  4. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Before we begin…
  5. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… CIS Center for Internet Security Provides security guidelines for multiple OSes Volunteer-built
  6. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… STIG Security Technical Implementation Guide Released by DISA Public resources available at https://public.cyber.mil/stigs/
  7. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. What is… NIST National Institute of Standards and Technology Agency within the US Dept of Commerce Publicly available guidelines for securing macOS devices only reference macOS 10.12
  8. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they agree • Encryption - FileVault 2 • System Integrity Protection • ScreenSaver settings • Login Window banner • Firewall logging
  9. © JAMF Software, LLC Where they agree • Display login

    window as name and password • Disable services such as file sharing, Bonjour, internet sharing • Disable root access • Enable audit logging and ensure proper permissions
  10. © JAMF Software, LLC Where they agree • Disable auto

    login • Require password after sleep • Disable Remote Apple Events • Enable Gatekeeper
  11. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • Disable Wi-Fi • Disable unused network devices • Remove temp and emergency accounts after 72 hrs • Disable FaceTime, Messages, 
 Camera
  12. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • iCloud settings • Enabling specific SSH settings • Disable iTunes File Sharing • Require smart cards
  13. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Where they differ • Disable location services • Updates must come from DoD server • Install AV and network scanning tools • Real time alerts for audit failure
  14. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Use Apple products on enterprise networks https://support.apple.com/en-us/HT210060 Provides detail on hostnames, ports, and proxy support
  15. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Apple Certification Updates FIPS 140-2 Level 2 validation for Apple Secure Enclave Processor (SEP) Secure Key Store Module, v9.0 https://support.apple.com/en-us/HT209632
  16. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Apple Apple Certification Updates August 1, 2019 - Apple has received ISO 27001 & 27018 certifications expanding to include Apple Push Notification Service (APNs), Apple Business Manager and Apple Business Chat services
  17. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR • 8 character minimum when a human sets it • 6 character minimum when set by a system/service • Support at least 64 characters maximum length • All ASCII characters (including space) should be supported
  18. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR, continued • Truncation of the secret (password) shall not be performed when processed • Check chosen password with known password dictionaries • Allow at least 10 password attempts before lockout • No complexity requirements
  19. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines - TL;DR, continued • No password expiration period • No password hints • No knowledge-based authentication (e.g. who was your best friend in high school?) • No SMS for 2FA (use a one-time password from an app like Google Authenticator)
  20. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - NIST Password Guidelines FAQ for NIST Digital Identity Guidelines https://pages.nist.gov/800-63-FAQ/
  21. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Variables in the equation - Users
  22. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Deploying - How to solve for X Organization requirements Understand implications of each setting Audit first, then remediate small Communicate security expectations / settings to users
  23. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. Jamf Protect Insights - Allows you to set 
 which CIS Benchmarks you wish to audit against Deploying - How to solve for X
  24. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. 780 px 650 px CIS Audit and Remediation Available at https://jamf.it/CIS Deploying - How to solve for X
  25. © JAMF Software, LLC In session recording, Picture-in-Picture of you

    presenting will be placed here. Please don’t put anything especially important in this area. 780 px 650 px STIG Audit and Remediation Available at https://jamf.it/STIG Deploying - How to solve for X
  26. © JAMF Software, LLC UP NEXT An Insider’s Look at

    APU 10:15 - 11:00 a.m. Thank you for listening! Give us feedback by completing the 2-question session survey in the JNUC 2019 app.