On June 19th, 2025, The Sonoma Benchmark Revision 3.1 will be updated on all existing Sonoma Benchmarks, to introduce a comprehensive set of updates, refinements, and enhancements to its rule files, baselines, and compliance frameworks. This release focuses on improving rule definitions, adding new compliance identifiers, refining checks and fixes, and aligning with updated security standards. Below is a detailed summary of the key changes in this release.
| Note: This update may change the behavior for Password Requirements and Sleep Settings, as indicated by the changed rules. |
Removed Rules:
-
NIST:
-
system_settings_cd_dvd_sharing_disable
-
-
CIS:
-
system_settings_cd_dvd_sharing_disable
-
-
CMMC:
-
system_settings_cd_dvd_sharing_disable
-
-
DISA:
-
os_directory_services_configured -
system_settings_cd_dvd_sharing_disable -
system_settings_ssh_enable
-
Added Rules:
-
os_sleep_and_display_sleep_apple_silicon_enable
Changed Rules:
-
os_world_writable_library_folder_configure -
pwpolicy_account_lockout_enforce -
pwpolicy_account_lockout_timeout_enforce -
pwpolicy_history_enforce -
pwpolicy_special_character_enforce.yaml -
system_settings_sleep_enforce.yaml -
system_settings_system_wide_preferences_configure.yaml -
os_unlock_active_user_session_disable
Official Change Logs:
For more details, refer to the official change logs: GitHub - macOS Security Release Sonoma Rev3.1