diff --git a/ee/cis/macos-13/cis-policy-queries.yml b/ee/cis/macos-13/cis-policy-queries.yml
index 601d51c74..23077f7ea 100644
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@@ -1906,6 +1906,26 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: CIS - Ensure Complex Password Must Contain Special Character Is Configured (MDM Required)
+ platforms: macOS
+ platform: darwin
+ description: |
+ Complex passwords contain one character from each of the following classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non- alphanumeric characters. Ensure that a special character is part of the password policy on the computer.
+ resolution: |
+ Ask your system administrator to deploy an MDM profile that ensures Complex Password Must Contain Special Characters
+ query: |
+ SELECT 1 FROM managed_policies WHERE
+ domain = 'com.apple.mobiledevice.passwordpolicy' AND
+ name = 'minComplexChars' AND
+ value >= 1
+ LIMIT 1;
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level2, CIS-macos-13-5.2.5
+ contributors: sharon-fdm
+---
+apiVersion: v1
+kind: policy
 spec:
 name: CIS - Ensure Password Age Is Configured (Fleetd Required)
 platforms: macOS
diff --git a/ee/cis/macos-13/test/profiles/5.2.5.mobileconfig b/ee/cis/macos-13/test/profiles/5.2.5.mobileconfig
new file mode 100644
index 000000000..6194054be
--- /dev/null
+++ b/ee/cis/macos-13/test/profiles/5.2.5.mobileconfig
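Review bot: The `value >= 1` predicate in the added query compares against an integer literal, but if `managed_policies.value` is a text column (it appears to be in osquery's schema; please confirm), SQLite compares the two as strings. A non-numeric value stored under `minComplexChars` would then sort above `'1'` and let the policy pass, so `CAST(value AS INTEGER) >= 1` states the intent explicitly. The query also puts no constraint on the profile's scope, so if user-scoped profiles show up in this table, a profile installed for one user could satisfy a check that is meant to be device-wide; consider restricting the match to the system-scoped row. The description also carries a stray space in `non- alphanumeric`.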
@@ -0,0 +1,37 @@
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ test
+ PayloadType
+ com.apple.mobiledevice.passwordpolicy
+ PayloadIdentifier
+ com.fleetdm.cis-5.2.5.check
+ PayloadUUID
+ 46BD11BD-116C-4E95-9575-6EDFDE0F110F
+ minComplexChars
+ 1
+
+
+ PayloadDescription
+ test
+ PayloadDisplayName
+ Require Special characters in password
+ PayloadIdentifier
+ com.fleetdm.cis-5.2.5
+ PayloadRemovalDisallowed
+
+ PayloadScope
+ System
+ PayloadType
+ Configuration
+ PayloadUUID
+ C8CEE953-50F3-48E6-B462-FA98D931A906
+ PayloadVersion
+ 1
+
+