
What’s changed in the new CIS Benchmarks for Catalina and Mojave?

9th April 2020 | posted by David Acland

As some of you may have spotted, CIS (https://www.cisecurity.org/) released new security benchmarks for Catalina and Mojave yesterday.

They can be downloaded for free here: https://www.cisecurity.org/cis-benchmarks/

We’ve had a quick read through and thought it would be helpful to highlight the key changes in the Catalina document from the High Sierra version.

The names of each listed item below are taken directly from the CIS benchmark document.

Added

  • 1.3 – Enable Download new updates when available
  • 2.4.10 – Disable Content Caching
  • 2.4.11 – Disable Media Sharing
  • 2.5.9 – Review Advertising settings

Removed

  • 2.11 – Java 6 is not the default Java runtime
  • 5.9 – Enable OCSP and CRL certificate checking
  • 6.4 – Safari disable Internet Plugins for global use

A few other minor changes

  • 3.2 – Configure Security Auditing Flags – This is no longer a scored item
  • 5.10 – This has been expanded from “Ensure system is set to hibernate” to “Ensure system is set to hibernate and Destroy FileVault key”

Lots of the numbers have shuffled around, especially in sections 2 and 5. These are just changes to the numbering, rather than the content.

Summary

As you can see, although it may look intimidating at first, there aren’t actually that many changes from High Sierra (macOS 10.13) to Catalina (macOS 10.15). If you’re already applying the CIS settings to your devices, you’ll only have a few things to add to bring yourself up to date.

If you want help implementing CIS for the Macs in your organisation, get in touch with the Moof team: hello@moof-it.co.uk

