CIS_MAC13_6.3.2 (#10258)

ee/cis/macos-13/cis-policy-queries.yml

@@ -2128,6 +2128,49 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+  name: CIS - Audit Safari Web Browser History and Remove History Items (organization decision needed)(MDM Required)
+  platforms: macOS
+  platform: darwin
+  description: |
+    Organizational management of user web browsing history is a challenge effected by multiple facets. Organizations should decide whether to manage browser history and how much history should be maintained.
+    Rationale:
+    There are conflicting concerns in the retention of browser history. Unlimited retention:
+    - Consumes disk space
+    - Preferred by on disk forensics teams
+    - User searchable for old visited pages
+    - User privacy concerns
+    - Security concerns to retain old links that may be stale or lead to compromised
+    pages or pages with changes or inappropriate content
+    Old browser history becomes stale and the use or misuse of the data can lead to unwanted outcomes. Search engine results are maintained and often provide much more relevant current information than old website visit information.
+  resolution: |
+    Ask your system administrator to deploy an MDM profile that set the history per organization decision
+    Profile Method:
+      Create or edit a configuration profile with the following information:
+      1. The PayloadType string is com.apple.Safari
+      2. The key to include is HistoryAgeInDaysLimit
+      3. The key must be set to: <integer><1,7,14,31,365,36500></integer>
+  query: |
+    SELECT 1 FROM managed_policies WHERE
+      domain = 'com.apple.Safari' AND
+      name = 'HistoryAgeInDaysLimit' AND
+      /*
+       Please replace the checked value bellow to match the one decided by your organization.
+       1 - After one day
+       7 - After one week
+       14 - After two weeks
+       31 - After one month
+       365 - After one year
+       36500 - Set Manually
+      */
+      value = '1' 
+      LIMIT 1;
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level2, CIS-macos-13-6.3.2, decision-needed
+  contributors: sharon-fdm
+---
+apiVersion: v1
+kind: policy
 spec:
   name: CIS - Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled (MDM Required)
   platforms: macOS

ee/cis/macos-13/test/profiles/6.3.2.mobileconfig

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.Safari</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-6.3.2.check</string>
+			<key>PayloadUUID</key>
+			<string>61BC98A2-9482-4EB3-9184-FB6A8B8E33E8</string>
+			<key>HistoryAgeInDaysLimit</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Audit History and Remove History Items</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-6.3.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1D6C407D-8C28-4BDC-9837-DF5ED49E8059</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
+