Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
(OSX1026SEC0003: CAT II) The SA will configure the screen lockout feature to log out
interactive processes (i.e., terminal sessions) after 15 minutes of inactivity unless a password-
protected screen lock mechanism is used and is set to lock the screen after 15 minutes of
inactivity.
(OSX1026SVR0009: CAT II) The SA will ensure that applications executing on Mac OS X
servers that require a continuous, real-time screen display (i.e., network management products)
are exempt from the inactivity requirement only when the following requirements are met:
The logon session is not a root session.
The inactivity exemption is justified and documented with the IAO.
The display station (i.e., keyboard, CRT) is located in a controlled access area.
The Mac OS X operating system provides a Screen Lock tool within the Keychain Access program
(this is distinct from using the keychain function itself) that allows the user to lock the screen
manually. The tool is added to the menu bar so that the user only needs to click the menu item
and select Lock Screen. See APPENDIX C: PROCEDURES FOR BRINGING A MAC OS X SYSTEM
INTO STIG COMPLIANCE.
(OSX1026GEN0080: CAT II) The SA will ensure that the Lock Screen feature is added to the
menu bar.
3.2 Password Controls
Mac OS X operating systems allow specification of a password. The following guidelines will
be used for password creation.
3.2.1 Password Guidelines
Users must protect passwords by choosing them wisely. Studies show that users are more
likely to remember passwords they choose themselves. Passwords so complex or obscure that
they must be written down introduce the hazard of becoming accessible to unauthorized
persons. The following rule will be used in password creation: the IAO will ensure all passwords
are a minimum of eight alphanumeric characters in length and include at least one capital letter,
one lower case letter, one numeric character, and one special character.
(OSX1026GEN0019: CAT II) The IAO will ensure all passwords are a minimum of eight
alphanumeric characters in length and will include at least one capital letter, one lower case
letter, one numeric character, and one special character.
(OSX1026GEN0019: CAT II) The IAO will ensure all passwords do not contain personal
information such as names, telephone numbers, account names, dictionary words, etc.
(OSX1026GEN0019: CAT II) The IAO will ensure all passwords do not contain
consecutively repeating characters.
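As an added example (not part of the STIG or of any DISA tool), the following Python checker applies the OSX1026GEN0019 rules above to a candidate password. The small word list and the use of Python's `string.punctuation` as the set of special characters are assumptions made for the example.

```python
import re
import string

# Constructed stand-in for a dictionary word list; a real check would use a
# full dictionary file. The STIG itself names no specific word list.
SAMPLE_DICTIONARY = sorted({"password", "apple", "summer", "welcome"})


def check_password(password, account_name="", personal_info=()):
    """Return a list of OSX1026GEN0019 findings; an empty list means compliant.

    personal_info is an iterable of strings (names, telephone numbers, etc.)
    that must not appear anywhere in the password.
    """
    findings = []
    if len(password) < 8:
        findings.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        findings.append("no capital letter")
    if not any(c.islower() for c in password):
        findings.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        findings.append("no numeric character")
    # Assumption: "special character" means any ASCII punctuation character.
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    # Any character immediately followed by itself, e.g. "aa" or "11".
    if re.search(r"(.)\1", password):
        findings.append("consecutively repeating characters")
    lowered = password.lower()
    # Personal information and dictionary words are matched case-insensitively
    # as substrings, so "JSmith2004!" still fails for account name "jsmith".
    for item in (account_name, *personal_info):
        if item and item.lower() in lowered:
            findings.append(f"contains personal information {item!r}")
    for word in SAMPLE_DICTIONARY:
        if word in lowered:
            findings.append(f"contains dictionary word {word!r}")
    return findings


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor!", "jsmith2004!!", "Welcome1!"):
        result = check_password(candidate, account_name="jsmith")
        print(candidate, "->", "compliant" if not result else "; ".join(result))
```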
14
UNCLASSIFIED