Feature/CIS-Controls-Sonoma (#15980)

This PR adds support for CIS Controls for macOS 14 - Sonoma. The CIS Control changes from macOS 13 to 14 was minimal: - Removed 5.9 - Added 2.18.1 - tested by running the test profile (ee/cis/macos-14/test/profiles/on-device-dictiation-enabled.mobileconfig) --------- Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2024-11-06 08:55:24 +00:00 · 2024-01-11 12:51:01 -05:00 · 2024-01-11 12:51:01 -05:00 · 738c722502
commit 738c722502
parent bff2d76b19
101 changed files with 5816 additions and 0 deletions
--- a/ee/cis/macos-14/cis-policy-queries.yml
+++ b/ee/cis/macos-14/cis-policy-queries.yml
--- a/ee/cis/macos-14/test/manual_tests/CIS_2.6.1.3
+++ b/ee/cis/macos-14/test/manual_tests/CIS_2.6.1.3
@ -0,0 +1,21 @@
+Instructions for validating CIS 2.6.1.3
+
+
+Go to settings / Privacy & Security / Location Services
+
+Test 1: 
+    Disable the main switch for Location Services 
+result: 
+    The query should pass.
+
+Test 2: 
+    Enable the main switch for Location Services 
+    Enable only Apple TV app
+result: 
+    The query should pass.
+
+Test 3: 
+    Enable the main switch for Location Services 
+    Enable any app other than Apple TV
+result: 
+    The query should fail.    
--- a/ee/cis/macos-14/test/profiles/1.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SoftwareUpdate</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.2.check</string>
+			<key>PayloadUUID</key>
+			<string>4DC539B5-837E-4DC3-B60B-43A8C556A8F0</string>
+			<key>AutomaticCheckEnabled</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Auto Update Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>03E69A02-02CE-4CA0-8F17-3BAAD5D3852F</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/1.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SoftwareUpdate</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.3.check</string>
+			<key>PayloadUUID</key>
+			<string>5FDE6D58-79CD-447A-AFB0-BA32D889C396</string>
+			<key>AutomaticDownload</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Download New Updates When Available Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>0A1C2F97-D6FA-4CDB-ABB6-47DF2B151F4F</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/1.4.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.4.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SoftwareUpdate</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.4.check</string>
+			<key>PayloadUUID</key>
+			<string>15BF7634-276A-411B-8C4E-52D89B4ED82C</string>
+			<key>AutomaticallyInstallMacOSUpdates</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Install of macOS Updates Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>7DB8733E-BD11-4E88-9AE0-273EF2D0974B</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/1.5.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.5.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SoftwareUpdate</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.5.check</string>
+			<key>PayloadUUID</key>
+			<string>6B0285F8-5DB8-4F68-AA6E-2333CCD6CE04</string>
+			<key>AutomaticallyInstallAppUpdates</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Install Application Updates from the App Store Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.5</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1C4C0EC4-64A7-4AF0-8807-A3DD44A6DC76</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/1.6.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.6.mobileconfig
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SoftwareUpdate</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.6.check</string>
+			<key>PayloadUUID</key>
+			<string>0D8F676A-A705-4F57-8FF8-3118360EFDEB</string>
+			<key>ConfigDataInstall</key>
+			<true/>
+			<key>CriticalUpdateInstall</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Install Security Responses and System Files Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.6</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>EBEE9B81-9D33-477F-AFBE-9691360B7A74</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/1.7.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/1.7.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.7.check</string>
+			<key>PayloadUUID</key>
+			<string>123FD592-D1C3-41FD-BC41-F91F3E1E2CF4</string>
+			<key>enforcedSoftwareUpdateDelay</key>
+			<integer>29</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Software Update Deferment Is Less Than or Equal to 30 Days</string>
+	<key>PayloadIdentifier</key>
+	<string>com.zwass.cis-1.7</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>385A0C13-2472-41B3-851C-1311FA12EB49</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.1.1.1-enable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.1.1.1-enable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.1.1.1.check-enable</string>
+			<key>PayloadUUID</key>
+			<string>68D8C498-FB81-4262-9EF4-E689B5A6B40F</string>
+			<key>allowCloudKeychainSync</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure iCloud Keychain is enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.1.1.1-enable</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>EE1BA83A-E145-4F5B-9597-836DC357BBE7</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.1.1.2-disable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.1.1.2-disable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.1.1.2.check-disable</string>
+			<key>PayloadUUID</key>
+			<string>1028E002-9AFE-446A-84E0-27DA5DA39B4A</string>
+			<key>allowCloudDocumentSync</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Disable iCloud Drive storage solution usage</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.1.1.2-disable</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>7B3DE4EA-0AFA-44F5-9716-37526EE441EA</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.1.1.2-enable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.1.1.2-enable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.1.1.2.check-enable</string>
+			<key>PayloadUUID</key>
+			<string>8618AA0E-B6AC-4D1C-AE01-C46956EC1926</string>
+			<key>allowCloudDocumentSync</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Enable iCloud Drive storage solution usage</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.1.1.2-enable</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>2C2FC587-14E8-4A52-98B5-30BA1C975BBA</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.1.1.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.1.1.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.1.1.3.check</string>
+			<key>PayloadUUID</key>
+			<string>5F0EF767-200C-4E10-A43D-04204A4A8E06</string>
+			<key>allowCloudDesktopAndDocuments</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure iCloud Drive Document and Desktop Sync Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.1.1.3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>2EAF168E-3DC9-4375-AA37-501EDB3C8422</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.10.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.10.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.loginwindow</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.10.3.check</string>
+			<key>PayloadUUID</key>
+			<string>3E4C4ED8-ADB6-4EFB-8198-58027B94DF86</string>
+			<key>LoginwindowText</key>
+			<string>Some Test Message</string>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure a Custom Message for the Login Screen Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.10.3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>9359CA59-D3C1-4A0D-8595-9E5F1F0CAE12</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.12.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.12.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.loginwindow</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.12.3.check</string>
+			<key>PayloadUUID</key>
+			<string>CB576629-19E2-4649-84FC-C007826732A0</string>
+			<key>com.apple.login.mcx.DisableAutoLoginClient</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Automatic Login Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.12.3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>0AEDE730-9466-47D1-B322-3C6F325B3737</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.2.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.2.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.security.firewall</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.2.1.check</string>
+			<key>PayloadUUID</key>
+			<string>D12965C1-12BD-4CAD-A55A-E7F020B0DAAF</string>
+			<key>EnableFirewall</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Firewall Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.2.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>F0BFF592-1CB7-4922-B2D4-583415DC4A0B</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.2.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.2.2.mobileconfig
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.security.firewall</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.2.2.check</string>
+			<key>PayloadUUID</key>
+			<string>2D2A07FB-3700-4ED8-AF06-6A2213F4C634</string>
+			<key>EnableFirewall</key>
+			<true/>
+			<key>EnableStealthMode</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Firewall Stealth Mode Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.2.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>E0B831D6-F214-4F1F-967C-B75B38B26708</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.3.1.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.3.1.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.3.1.1.check</string>
+			<key>PayloadUUID</key>
+			<string>22F2E52E-E593-40F7-8635-E067EDEE4F60</string>
+			<key>allowAirDrop</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure AirDrop Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.3.1.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>55DC048E-1490-4A26-8A97-4A4EA91A7302</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.3.1.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.3.1.2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.3.1.2.check</string>
+			<key>PayloadUUID</key>
+			<string>BF58FD50-E4EC-4427-A549-1BCD7B88FCEB</string>
+			<key>allowAirPlayIncomingRequests</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure AirPlay Receiver Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.3.1.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>633BD4E3-849E-485E-A784-AA80D86E83A3</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.3.2.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.3.2.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.3.2.1.check</string>
+			<key>PayloadUUID</key>
+			<string>C5CFF95F-7E77-4B0E-8136-2729A481D60A</string>
+			<key>forceAutomaticDateAndTime</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Set Time and Date Automatically Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.3.2.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>CEA7E3A6-E5DF-4A93-ABB7-45F36BF3D3E8</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.3.3.10.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.3.3.10.mobileconfig
@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.preferences.sharing.SharingPrefsExtension</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.3.3.10-check</string>
+			<key>PayloadUUID</key>
+			<string>DC34D1FA-3D14-4AEA-844B-FDEC49CD73BB</string>
+			<key>homeSharingUIStatus</key>
+			<integer>0</integer>
+			<key>legacySharingUIStatus</key>
+			<integer>0</integer>
+			<key>mediaSharingUIStatus</key>
+			<integer>0</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Media Sharing is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.3.3.10</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>9FD8A0FB-2F7C-41C4-A3FB-90E953BCD433</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.3.3.9.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.3.3.9.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.3.3.9.check</string>
+			<key>PayloadUUID</key>
+			<string>85956359-CF0A-46C8-BD7C-26060ABB9119</string>
+			<key>allowContentCaching</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Content Caching Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.3.3.9</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>AA4372B4-5D36-4660-A2FC-07067C94A91F</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.4.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.4.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.controlcenter</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.4.1.check</string>
+			<key>PayloadUUID</key>
+			<string>B97CBDF6-1EB7-424C-86DE-E11892B223F3</string>
+			<key>WiFi</key>
+			<integer>18</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Show Wi-Fi status in Menu Bar Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.4.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>2357BB9E-FD15-4E1D-A1CC-12C7798E1483</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.4.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.4.2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.controlcenter</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.4.2.check</string>
+			<key>PayloadUUID</key>
+			<string>FC6045C3-FFD7-4C0A-A3D5-ED0ADB9FF391</string>
+			<key>Bluetooth</key>
+			<integer>18</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Show Bluetooth Status in Menu Bar Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.4.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>F997FFD6-7E39-48C7-A451-B12A79B6FA22</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.5.1-disable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.5.1-disable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.5.1.check-disable</string>
+			<key>PayloadUUID</key>
+			<string>4B56DF79-ECAF-4175-AACC-95F08A980B6C</string>
+			<key>allowAssistant</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Disable Siri</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.5.1-disable</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>FB3E1980-5FE2-4C8F-BCF8-6FFF4117C962</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.5.1-enable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.5.1-enable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.5.1.check-enable</string>
+			<key>PayloadUUID</key>
+			<string>DC0652C5-E996-408F-84A0-9F09657FD771</string>
+			<key>allowAssistant</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Enable Siri</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.5.1-enable</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>F5001E34-CC4D-4951-A7A3-A95DC02F0090</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.1.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.1.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.locationd</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.1.1.check</string>
+			<key>PayloadUUID</key>
+			<string>25D6B210-E8BB-465F-94D7-474073F4A892</string>
+			<key>LocationServicesEnabled</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Location Services Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.1.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>8FC698D7-9EF8-427E-8E52-4B928A7437B0</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.2-part1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.2-part1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.2-part1.check</string>
+			<key>PayloadUUID</key>
+			<string>9A6BF497-B715-453A-A7F7-D27C325EB5B3</string>
+			<key>allowDiagnosticSubmission</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 1)</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.2-part1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>7D03459B-AA53-41AB-85C4-AAED7CE95EE9</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.2-part2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.2-part2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.SubmitDiagInfo</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.2-part2.check</string>
+			<key>PayloadUUID</key>
+			<string>756EF527-5F37-4685-9A0F-21B596D1F895</string>
+			<key>AutoSubmit</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 2)</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.2-part2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>C720744B-BBF2-4FE2-B8A9-4638CECC8BB2</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.2-part3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.2-part3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.2-part3.check</string>
+			<key>PayloadUUID</key>
+			<string>0FD378F2-B497-42D9-AEAE-C58D855E56FD</string>
+			<key>Siri Data Sharing Opt-In Status</key>
+			<integer>2</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Ensure Sending Diagnostic and Usage Data to Apple Is Disabled(part 3)</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.2-part3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>49A101C5-3401-47E7-90AF-9071D4D65E5D</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.3.check</string>
+			<key>PayloadUUID</key>
+			<string>6C5400FF-BBB3-471F-B139-59D86ADA9A3A</string>
+			<key>allowApplePersonalizedAdvertising</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Limit Ad Tracking Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.3</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>C215AA26-C3D0-4A77-B884-8B8C918FD197</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.4.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.4.mobileconfig
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.systempolicy.control</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.4.check</string>
+			<key>PayloadUUID</key>
+			<string>D9E7B5EA-8DA3-4AF1-99CD-30ED18EF47F1</string>
+			<key>EnableAssessment</key>
+			<true/>
+			<key>AllowIdentifiedDevelopers</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Gatekeeper Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1991574F-155E-4FC1-AD47-FDC4DC3B07B4</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.6.5.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.6.5.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.MCX</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.5.check</string>
+			<key>PayloadUUID</key>
+			<string>D56F90DC-6F90-4BEB-8D0F-263D062EC612</string>
+			<key>dontAllowFDEDisable</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure FileVault Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.5</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>804CCF1F-2814-4B73-95EE-DB0B4FF67103</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.8.1.disable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.8.1.disable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.universalcontrol</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.8.1.check-disabled</string>
+			<key>PayloadUUID</key>
+			<string>A6481AEB-354C-4718-9E01-B4562C7F341A</string>
+			<key>Disable</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Universal Control is disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.8.1-disabled</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>8EA6B5B4-A0EF-49B3-8A6E-C8F02C27456B</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/2.8.1.enable.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/2.8.1.enable.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.universalcontrol</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.8.1.check-enabled</string>
+			<key>PayloadUUID</key>
+			<string>F39058CB-027B-453D-B2DF-414F9B84D241</string>
+			<key>Disable</key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Universal Control is enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.8.1-enabled</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>ECC41516-FFD8-4321-9696-63B1939CB956</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/3.6.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/3.6.mobileconfig
@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.security.firewall</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-3.6.check</string>
+			<key>PayloadUUID</key>
+			<string>604D8218-D7B6-43B1-95E6-DFCA4C25D73D</string>
+			<key>EnableFirewall</key>
+			<true/>
+			<key>EnableLogging</key>
+			<true/>
+			<key>LoggingOption</key>
+			<string>detail</string>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Firewall Logging Is Enabled and Configured</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-3.6</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>5E27501E-50DF-4804-9DEC-0E63C34E8831</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/4.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/4.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mDNSResponder</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-4.1.check</string>
+			<key>PayloadUUID</key>
+			<string>08FEA43B-CE9B-4098-804C-11459D109992</string>
+			<key>NoMulticastAdvertisements</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Bonjour Advertising Services Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-4.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>25BD1312-2B79-40C7-99FA-E60B49A1883E</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.1.check</string>
+			<key>PayloadUUID</key>
+			<string>749F9F38-7AD2-4FC6-8F88-672F3AB79F82</string>
+			<key>maxFailedAttempts</key>
+			<integer>5</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Password Account Lockout Threshold Is Configured</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>F886BF2C-12D2-428B-BCF0-55823908F426</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.2.check</string>
+			<key>PayloadUUID</key>
+			<string>A7C54C32-6519-4335-A673-B20D3015B432</string>
+			<key>minLength</key>
+			<integer>15</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Password Minimum Length Is Configured</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>415F567D-83F4-4AB5-BCFA-7AC8B707DCFD</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.3-and-5.2.4.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.3-and-5.2.4.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.3-and-5.2.4.check</string>
+			<key>PayloadUUID</key>
+			<string>207388F7-0144-4518-9CCD-9E488EF9C5D7</string>
+			<key>requireAlphanumeric</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Require AlphaNumeric characters in password</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.3-and-5.2.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>19BDCDC8-7E9E-48A6-9468-F87EE865F677</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.5.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.5.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.5.check</string>
+			<key>PayloadUUID</key>
+			<string>46BD11BD-116C-4E95-9575-6EDFDE0F110F</string>
+			<key>minComplexChars</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Require Special characters in password</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.5</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>C8CEE953-50F3-48E6-B462-FA98D931A906</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.7.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.7.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.7.check</string>
+			<key>PayloadUUID</key>
+			<string>F5515451-97EC-4CCB-B442-CDF0C546BC27</string>
+			<key>maxPINAgeInDays</key>
+			<integer>365</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Password Age Is Configured</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.7</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>AEF56396-50CC-4E5A-9C6D-CBAE6A5E13B5</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/5.2.8.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/5.2.8.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.mobiledevice.passwordpolicy</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-5.2.8.check</string>
+			<key>PayloadUUID</key>
+			<string>5227E361-F971-44B3-B706-B04BA0D3B186</string>
+			<key>pinHistory</key>
+			<integer>15</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Password History Is Configured</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-5.2.8</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>0AD34391-5C19-4229-AA10-EB6A169D15EB</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/6.3.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.3.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>PayloadContent</key>
+		<array>
+			<dict>
+				<key>PayloadDisplayName</key>
+				<string>test</string>
+				<key>PayloadType</key>
+				<string>com.apple.Safari</string>
+				<key>PayloadIdentifier</key>
+				<string>com.fleetdm.cis-6.3.1.check</string>
+				<key>PayloadUUID</key>
+				<string>3CAAC721-D492-45AC-95E4-8ECBF81EA21E</string>
+				<key>AutoOpenSafeDownloads</key>
+				<false/>
+			</dict>
+		</array>
+		<key>PayloadDescription</key>
+		<string>test</string>
+		<key>PayloadDisplayName</key>
+		<string>Ensure Automatic Opening of Safe Files in Safari Is Disabled</string>
+		<key>PayloadIdentifier</key>
+		<string>com.fleetdm.cis-6.3.1</string>
+		<key>PayloadRemovalDisallowed</key>
+		<false/>
+		<key>PayloadScope</key>
+		<string>System</string>
+		<key>PayloadType</key>
+		<string>Configuration</string>
+		<key>PayloadUUID</key>
+		<string>2556F162-9AE5-4163-92C1-F89A2847C80E</string>
+		<key>PayloadVersion</key>
+		<integer>1</integer>
+	</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/6.3.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.3.2.mobileconfig
@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.Safari</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-6.3.2.check</string>
+			<key>PayloadUUID</key>
+			<string>61BC98A2-9482-4EB3-9184-FB6A8B8E33E8</string>
+			<key>HistoryAgeInDaysLimit</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Audit History and Remove History Items</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-6.3.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1D6C407D-8C28-4BDC-9837-DF5ED49E8059</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
+
--- a/ee/cis/macos-14/test/profiles/6.3.3.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.3.3.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>PayloadContent</key>
+		<array>
+			<dict>
+				<key>PayloadDisplayName</key>
+				<string>test</string>
+				<key>PayloadType</key>
+				<string>com.apple.Safari</string>
+				<key>PayloadIdentifier</key>
+				<string>com.fleetdm.cis-6.3.3.check</string>
+				<key>PayloadUUID</key>
+				<string>AA1CF4AE-446C-41B0-8B06-ADEAEF9F0505</string>
+				<key>WarnAboutFraudulentWebsites</key>
+				<true/>
+			</dict>
+		</array>
+		<key>PayloadDescription</key>
+		<string>test</string>
+		<key>PayloadDisplayName</key>
+		<string>Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled</string>
+		<key>PayloadIdentifier</key>
+		<string>com.fleetdm.cis-6.3.3</string>
+		<key>PayloadRemovalDisallowed</key>
+		<false/>
+		<key>PayloadScope</key>
+		<string>System</string>
+		<key>PayloadType</key>
+		<string>Configuration</string>
+		<key>PayloadUUID</key>
+		<string>130308F8-916A-449D-9711-34A31DCCD39D</string>
+		<key>PayloadVersion</key>
+		<integer>1</integer>
+	</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/6.3.4.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.3.4.mobileconfig
@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.Safari</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-6.3.4.check</string>
+			<key>PayloadUUID</key>
+			<string>E0560069-04EF-4985-815E-987A304F8EB7</string>
+			<key>BlockStoragePolicy</key>
+			<integer>2</integer>
+			<key>WebKitPreferences.storageBlockingPolicy</key>
+			<integer>1</integer>
+			<key>WebKitStorageBlockingPolicy</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Prevent Cross-site Tracking in Safari Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-6.3.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>E1D04566-15CE-458C-A0D1-5F6C7B9A6472</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/6.3.7.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.3.7.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.Safari</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-6.3.7.check</string>
+			<key>PayloadUUID</key>
+			<string>A78B534C-0E6D-46C0-97F1-D50178AC5AD0</string>
+			<key>ShowFullURLInSmartSearchField</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Show Full Website Address in Safari Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-6.3.7</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>5A412D8E-5951-42A3-95ED-BD82AD6D3038</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/6.4.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/6.4.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>PayloadContent</key>
+		<array>
+			<dict>
+				<key>PayloadDisplayName</key>
+				<string>test</string>
+				<key>PayloadType</key>
+				<string>com.apple.Terminal</string>
+				<key>PayloadIdentifier</key>
+				<string>com.fleetdm.cis-6.4.1.check</string>
+				<key>PayloadUUID</key>
+				<string>E8D36749-D7F8-4280-9B17-D6224B67B63B</string>
+				<key>SecureKeyboardEntry</key>
+				<true/>
+			</dict>
+		</array>
+		<key>PayloadDescription</key>
+		<string>test</string>
+		<key>PayloadDisplayName</key>
+		<string>Ensure Secure Keyboard Entry Terminal.app Is Enabled</string>
+		<key>PayloadIdentifier</key>
+		<string>com.fleetdm.cis-6.4.1</string>
+		<key>PayloadRemovalDisallowed</key>
+		<false/>
+		<key>PayloadScope</key>
+		<string>System</string>
+		<key>PayloadType</key>
+		<string>Configuration</string>
+		<key>PayloadUUID</key>
+		<string>D4C0B4CC-D39A-4F0F-AF8A-AB5A73D02B3F</string>
+		<key>PayloadVersion</key>
+		<integer>1</integer>
+	</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/README.md
+++ b/ee/cis/macos-14/test/profiles/README.md
@ -0,0 +1,64 @@
+# CIS Profiles
+
+On this directory we store the profiles for each CIS benchmark check that will allow us to apply them automatically on macOS VMs.
+
+## How to create one
+
+Let's assume you are creating a profile for CIS 1.6, "Ensure Install Security Responses and System Files Is Enabled".
+
+1. Copy an existing profile:
+```sh
+cp compliance/profiles/2.1.1.3.mobileconfig compliance/profiles/1.6.mobileconfig
+```
+
+2. Generate two unique UUIDs:
+```sh
+$ uuidgen
+380B8EF9-B5E8-4967-A102-52F78EA03AB9
+$ uuidgen
+3C4F942C-C716-48F3-A2E9-52AD7DBE55E0
+```
+
+3. Open the created copy with a text editor and modify the following fields:
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string><!--- Domain of the setting, e.g. com.apple.SoftwareUpdate --></string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-1.6.check <!--- This must be unique and a sub domain of the main profile, thus we add the cis number at the end + ".check" --></string>
+			<key>PayloadUUID</key>
+			<string><!--- Paste one of the generated UUID here, in this case 380B8EF9-B5E8-4967-A102-52F78EA03AB9 --></string>
+			<key><!--- Setting, e.g. CriticalUpdateInstall --></key>
+			<false/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string><!-- Title of the CIS here, e.g. Ensure Install Security Responses and System Files Is Enabled --></string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-1.6</string> <!--- This must be unique, thus we add the cis number at the end -->
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string><!--- Paste the other generated UUID here, in this case 3C4F942C-C716-48F3-A2E9-52AD7DBE55E0 --></string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
+```
+
+4. Place the `.mobileconfig` on the VM and double click the profile.
+5. Go to `System Settings > Profiles` and then install the profile.
--- a/ee/cis/macos-14/test/profiles/not_always_working_2.10.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_always_working_2.10.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.screensaver</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.10.1.check</string>
+			<key>PayloadUUID</key>
+			<string>7A3B69E3-9E7D-4797-88A7-1043AE70E7DC</string>
+			<key>idleTime</key>
+			<integer>1200</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.10.1</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>B5B76088-248C-4755-BF2F-73BA6C05B5E9</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/not_always_working_2.10.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_always_working_2.10.2.mobileconfig
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.screensaver</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.10.2.check</string>
+			<key>PayloadUUID</key>
+			<string>A33F821F-A138-42A0-B657-9F25A0F5ABD5</string>
+			<key>askForPassword</key>
+			<true/>
+			<key>askForPasswordDelay</key>
+			<integer>5</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure a Password is Required to Wake the Computer From Sleep or Screen Saver Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.10.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>BF81079A-0A4A-476B-9318-F4105F3745D9</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/not_always_working_2.10.4.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_always_working_2.10.4.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.loginwindow</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.10.4.check</string>
+			<key>PayloadUUID</key>
+			<string>C8D63845-92B8-421D-AD17-00D25DEF626A</string>
+			<key>SHOWFULLNAME</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Login Window Displays as Name and Password Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.10.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>43D5AAB6-F9DB-4F7F-A665-43DF4915C7E1</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/not_always_working_2.10.5.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_always_working_2.10.5.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.loginwindow</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.10.5.check</string>
+			<key>PayloadUUID</key>
+			<string>21BB3EDD-BE67-42DC-B8CE-C493D01C0296</string>
+			<key>RetriesUntilHint</key>
+			<integer>0</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Show Password Hints Is Disabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.10.5</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>22FEDF5B-8D93-48F7-AE71-E1E2F8C96C30</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/not_always_working_2.6.1.2.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_always_working_2.6.1.2.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.locationmenu</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-2.6.1.2.check</string>
+			<key>PayloadUUID</key>
+			<string>25D6B210-E8BB-465F-94D7-474073F4A892</string>
+			<key>ShowSystemServices</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Location Services Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-2.6.1.2</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>8FC698D7-9EF8-427E-8E52-4B928A7437B0</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/not_working_2.3.4.1.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/not_working_2.3.4.1.mobileconfig
@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+        <key>PayloadContent</key>
+        <array>
+                <dict>
+                        <key>PayloadDisplayName</key>
+                        <string>test</string>
+                        <key>PayloadType</key>
+                        <string>com.apple.TimeMachine</string>
+                        <key>PayloadIdentifier</key>
+                        <string>com.fleetdm.cis-2.3.4.1.check</string>
+                        <key>PayloadUUID</key>
+                        <string>D884A50B-C73C-4955-B042-9B6DAF23FAF0</string>
+                        <key>Forced</key>
+                        <array>
+                                <dict>
+                                        <key>mcx_preference_settings</key>
+                                                <dict>
+                                                        <key>AutoBackup</key>
+                                                        <true/>
+                                                </dict>
+                                </dict>
+                        </array>
+                </dict>
+        </array>
+        <key>PayloadDescription</key>
+        <string>test</string>
+        <key>PayloadDisplayName</key>
+        <string>Ensure Backup Automatically is Enabled If Time Machine Is Enabled</string>
+        <key>PayloadIdentifier</key>
+        <string>com.fleetdm.cis-2.3.4.1</string>
+        <key>PayloadRemovalDisallowed</key>
+        <false/>
+        <key>PayloadScope</key>
+        <string>System</string>
+        <key>PayloadType</key>
+        <string>Configuration</string>
+        <key>PayloadUUID</key>
+        <string>582492F2-34C8-4C1C-A264-1885955A3E19</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/profiles/on-device-dictiation-enabled.mobileconfig
+++ b/ee/cis/macos-14/test/profiles/on-device-dictiation-enabled.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.applicationaccess</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis.check-cis-on-device-dictation-enabled</string>
+			<key>PayloadUUID</key>
+			<string>4E203BCD-CAFB-4248-B6B0-F2A1AEC55EB1</string>
+			<key>forceOnDeviceOnlyDictation</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure On-Device Dictation Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-on-device-dictation-enabled</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>E155A81F-DCF0-467B-B177-972E67562BFF</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>
--- a/ee/cis/macos-14/test/scripts/CIS_2.10.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.10.3.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Test Message 1"
--- a/ee/cis/macos-14/test/scripts/CIS_2.10.4.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.10.4.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true
--- a/ee/cis/macos-14/test/scripts/CIS_2.10.5.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.10.5.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0
--- a/ee/cis/macos-14/test/scripts/CIS_2.11.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.11.1.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo dscl . -list /Users hint . -delete /Users/<username>
--- a/ee/cis/macos-14/test/scripts/CIS_2.12.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.12.1.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool false
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.MCX DisableGuestAccount  -bool true
--- a/ee/cis/macos-14/test/scripts/CIS_2.12.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.12.2.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess off
+
+
+# For testing
+# Get Status: /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess status
+# Set to enabled: /usr/bin/sudo /usr/sbin/sysadminctl -smbGuestAccess on
+
--- a/ee/cis/macos-14/test/scripts/CIS_2.12.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.12.3.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.1.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl disable system/com.apple.ODSAgent
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.2.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl disable system/com.apple.screensharing
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.3.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl disable system/com.apple.smbd
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.4.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.4.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/sbin/cupsctl --no-share-printers
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.5.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.5.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl disable system/com.openssh.sshd
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.6.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.6.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.7.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.7.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/sbin/systemsetup -setremoteappleevents off
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.3.8.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.3.8.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0
--- a/ee/cis/macos-14/test/scripts/CIS_2.3.4.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.3.4.1.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+# NOTE(lucas): I was not able to set `com.apple.TimeMachine`'s `AutoBackup` via a configuration profile.
+# I tried the profile method documented on the CIS Benchmarks document and after applying it successfully
+# it did not update the value of `AutoBackup`.
+#
+# So for now we are using the following shell command to enable automatic backup of Time Machine destinations.
+/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine.plist AutoBackup -bool true
--- a/ee/cis/macos-14/test/scripts/CIS_2.6.1.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.6.1.2.sh
@ -0,0 +1 @@
+sudo /usr/bin/defaults write /Library/Preferences/com.apple.locationmenu.plist ShowSystemServices -bool true
--- a/ee/cis/macos-14/test/scripts/CIS_2.6.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.6.2.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+
+sudo /usr/bin/defaults write /Library/Application\
+Support/CrashReporter/DiagnosticMessagesHistory.plist AutoSubmit -bool false
+
+sudo /usr/bin/defaults write /Library/Application\
+Support/CrashReporter/DiagnosticMessagesHistory.plist ThirdPartyDataSubmit -bool false
+
+sudo /bin/chmod 644 /Library/Application\
+Support/CrashReporter/DiagnosticMessagesHistory.plist
+
+sudo /usr/sbin/chgrp admin /Library/Application\
+Support/CrashReporter/DiagnosticMessagesHistory.plist
+
+
+echo "This needs modification"
+sudo -u <username> /usr/bin/defaults write
+/Users/<username>/Library/Preferences/com.apple.assistant.support "Siri DataSharing Opt-In Status" -int 2
+
+# Example:
+# sudo -u sharonkatz /usr/bin/defaults write  /Users/sharonkatz/Library/Preferences/com.apple.assistant.support "Siri Data Sharing Opt-In Status" -int 2
--- a/ee/cis/macos-14/test/scripts/CIS_2.6.4.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.6.4.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo /usr/sbin/spctl --master-enable
--- a/ee/cis/macos-14/test/scripts/CIS_2.6.7.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.6.7.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+
+sudo security authorizationdb read system.preferences > /tmp/system.preferences.plist
+defaults write /tmp/system.preferences.plist shared -bool false
+sudo security authorizationdb write system.preferences < /tmp/system.preferences.plist
--- a/ee/cis/macos-14/test/scripts/CIS_2.7.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.7.1.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Set corner action to 0 (no-op).
+# If you wish to not comply with the policy, set any of them to 6.
+
+/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-br-corner -integer 0
+/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-bl-corner -integer 0
+/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-tr-corner -integer 0
+/usr/bin/sudo -u $USER /usr/bin/defaults write com.apple.dock wvous-tl-corner -integer 0
--- a/ee/cis/macos-14/test/scripts/CIS_2.9.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.9.1.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/bin/pmset -a powernap 0
--- a/ee/cis/macos-14/test/scripts/CIS_2.9.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.9.2.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/bin/pmset -a womp 0
--- a/ee/cis/macos-14/test/scripts/CIS_2.9.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_2.9.3.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [[ $(uname -m) == 'arm64' ]]; then
+	# Apple silicon
+	/usr/bin/sudo /usr/bin/pmset -a standby 900
+	/usr/bin/sudo /usr/bin/pmset -a destroyfvkeyonstandby 1
+	/usr/bin/sudo /usr/bin/pmset -a hibernatemode 25
+else
+	# Intel
+	/usr/bin/sudo /usr/bin/pmset -a standbydelaylow 900
+	/usr/bin/sudo /usr/bin/pmset -a standbydelayhigh 900
+	/usr/bin/sudo /usr/bin/pmset -a highstandbythreshold 90
+	/usr/bin/sudo /usr/bin/pmset -a destroyfvkeyonstandby 1
+	/usr/bin/sudo /usr/bin/pmset -a hibernatemode 25
+fi
--- a/ee/cis/macos-14/test/scripts/CIS_3.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_3.1.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
+
+# For Testing: After the above command executed:
+#   This will stop the service: /usr/bin/sudo /bin/launchctl stop com.apple.auditd
+#   This will start the service: /usr/bin/sudo /bin/launchctl start com.apple.auditd
--- a/ee/cis/macos-14/test/scripts/CIS_3.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_3.2.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+cp /etc/security/audit_control ./tmp.txt;
+origFlags=$(cat ./tmp.txt  | grep flags: | grep -v naflags);
+sed "s/${origFlags}/flags:-fm,ad,-ex,aa,-fr,lo,-fw/" ./tmp.txt > /etc/security/audit_control;
+rm ./tmp.txt;
+
+
--- a/ee/cis/macos-14/test/scripts/CIS_3.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_3.3.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+
+# For QA:
+# Open /etc/asl/com.apple.install for edit and look for a line starting with "* file"
+# If exist delete all_max=XXX
+# If not exist add ttl=365
+
+
+# This section will delete the all_max 
+/usr/bin/sudo sed -E 's/all_max=[0-9]+M//g' /etc/asl/com.apple.install  > ./tmp.txt
+/usr/bin/sudo cp ./tmp.txt /etc/asl/com.apple.install
+/usr/bin/sudo rm ./tmp.txt
+
+/usr/bin/sudo sed -E 's/all_max=[0-9]+G//g' /etc/asl/com.apple.install  > ./tmp.txt
+/usr/bin/sudo cp ./tmp.txt /etc/asl/com.apple.install
+/usr/bin/sudo rm ./tmp.txt
+
--- a/ee/cis/macos-14/test/scripts/CIS_3.4.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_3.4.sh
@ -0,0 +1,25 @@
+#!/bin/bash
+
+cp /etc/security/audit_control ./tmp.txt;
+origExpire=$(cat ./tmp.txt  | grep expire-after);
+sed "s/${origExpire}/expire-after:60d OR 5G/" ./tmp.txt > /etc/security/audit_control;
+rm ./tmp.txt;
+
+
+# Explanation:
+# In your /etc/security/audit_control , look for a line starting at: expire-after
+# Cases to test:
+# SHOULD PASS:   expire-after:60d OR 5G
+# SHOULD PASS:   expire-after:61d OR 5G
+# SHOULD PASS:   expire-after:60d OR 6G
+# SHOULD PASS:   expire-after:61d OR 6G
+
+# SHOULD FAIL:   expire-after:60d
+# SHOULD FAIL:   expire-after:5G
+# SHOULD FAIL:   expire-after:59d OR 5G
+# SHOULD FAIL:   expire-after:60d OR 4G
+# SHOULD FAIL:   expire-after:60D
+# SHOULD FAIL:   expire-after:6g
+# SHOULD FAIL:   expire-after:60D OR 5G
+# SHOULD FAIL:   expire-after:60d OR 5g
+# SHOULD FAIL:   expire-after:60D OR 5g
--- a/ee/cis/macos-14/test/scripts/CIS_3.5.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_3.5.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/sbin/chown -R root:wheel /etc/security/audit_control
+/usr/bin/sudo /bin/chmod -R o-rw /etc/security/audit_control
+/usr/bin/sudo /usr/sbin/chown -R root:wheel /var/audit/
+/usr/bin/sudo /bin/chmod -R o-rw /var/audit/
+
--- a/ee/cis/macos-14/test/scripts/CIS_4.2.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_4.2.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
--- a/ee/cis/macos-14/test/scripts/CIS_4.3.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_4.3.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/launchctl disable system/com.apple.nfsd
+/usr/bin/sudo /bin/rm /etc/exports
--- a/ee/cis/macos-14/test/scripts/CIS_5.1.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.1.1.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+for i in $(/usr/bin/sudo dscl . list /Users | grep -v "^_"); do
+    /usr/bin/sudo /bin/chmod -R og-rwx /Users/"$i"
+done
--- a/ee/cis/macos-14/test/scripts/CIS_5.1.5.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.1.5.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/bin/sudo IFS=$'\n'
+for apps in $( /usr/bin/find /Applications -iname "*\.app" -type d -perm -2 );
+do
+  /bin/chmod -R o-w "$apps"
+done
--- a/ee/cis/macos-14/test/scripts/CIS_5.1.6.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.1.6.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/bin/sudo IFS=$'\n'
+for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "Drop Box" );
+do
+  /bin/chmod -R o-w "$sysPermissions"
+done
--- a/ee/cis/macos-14/test/scripts/CIS_5.1.7.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.1.7.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/bin/sudo IFS=$'\n'
+for libPermissions in $( /usr/bin/find /System/Volumes/Data/Library -type d -perm -2 | /usr/bin/grep -v Caches | /usr/bin/grep -v /Preferences/Audio/Data);
+do
+  /bin/chmod -R o-w "$libPermissions"
+done
--- a/ee/cis/macos-14/test/scripts/CIS_5.10.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.10.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/rm -R /Users/Guest
--- a/ee/cis/macos-14/test/scripts/CIS_5.4.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.4.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo 'Defaults timestamp_timeout=0' | sudo tee /etc/sudoers.d/CIS_54_sudoconfiguration
+/usr/bin/sudo /usr/sbin/chown -R root:wheel /etc/sudoers.d/
--- a/ee/cis/macos-14/test/scripts/CIS_5.5.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.5.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo 'Defaults timestamp_type=tty' | sudo tee /etc/sudoers.d/CIS_55_sudoconfiguration
--- a/ee/cis/macos-14/test/scripts/CIS_5.6.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.6.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/sbin/dsenableroot -d
--- a/ee/cis/macos-14/test/scripts/CIS_5.7.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.7.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/bin/security authorizationdb write system.login.screensaver use-login-window-ui
--- a/ee/cis/macos-14/test/scripts/CIS_5.8.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_5.8.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+echo "Content of the banner" | sudo tee /Library/Security/PolicyBanner.txt
+/usr/bin/sudo /usr/sbin/chown root:wheel /Library/Security/PolicyBanner.txt
+/usr/bin/sudo /bin/chmod o+r /Library/Security/PolicyBanner.txt
--- a/ee/cis/macos-14/test/scripts/CIS_6.1.1.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_6.1.1.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+
+# For QA: Replace <username> with your test user
+/usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool true
--- a/ee/cis/macos-14/test/scripts/CIS_6.3.6.sh
+++ b/ee/cis/macos-14/test/scripts/CIS_6.3.6.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitPreferences.privateClickMeasurementEnabled -bool true
--- a/ee/cis/macos-14/test/scripts/not_always_working_CIS_2.10.1.sh
+++ b/ee/cis/macos-14/test/scripts/not_always_working_CIS_2.10.1.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+#replace username
+sudo -u <username> /usr/bin/defaults -currentHost write com.apple.screensaver idleTime -int 1200
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`sudo /usr/bin/defaults write /Library/Preferences/com.apple.locationmenu.plist ShowSystemServices -bool true`