Skip to main content
  1. Addigy
  2. Security Suite
  3. Compliance

Compliance Benchmarks Update - September 2025

Updated:

Overview

On September 8th, 2025, Addigy will update the supported benchmarks for both Monitoring and Remediation and Monitoring. These updates will include both new rules added to the benchmarks and modified rules. Please review the change log below for additional information on each benchmark revision and benchmark rule revision.

 

📌 Added Rules

Rule

 

Summary of Latest Change

 

os_mail_smart_reply_disable

New rule added for CMMC, disables smart reply feature in Mail app [1].

os_notes_transcription_disable

New rule added, disables Notes audio transcription (CIS & CMMC).

os_notes_transcription_summary_disable

New rule added, disables summary for Notes transcription (CIS & CMMC).

os_safari_reader_summary_disable

New rule disables Safari reader summaries for CMMC; summary attribute alignment.

os_sshd_per_source_penalties_configure

New rule for SSH security; sets per-source penalties. No CIS/CMMC/STIG mapping. [1]
 

📌 Modified Rules

Rule

 

Summary of Latest Change

 

os_genmoji_disable

Added for CMMC/STIG; disables Apple “Genmoji” (AI emoji).

os_implement_cryptography

Inherent; further clarified compliance mapping but no direct code change.

os_iphone_mirroring_disable

Updated: Added for CMMC; disables iPhone mirroring support.

os_mail_summary_disable

Refined check logic/title to match CIS/CMMC language [1].

os_nfsd_disable

Alignment update: ensures consistent disabling for all three benchmarks.

os_parental_controls_enable

No substantial recent changelog update published.

os_password_hint_remove

Logic updated: Better string matching/check for password hints [1].

os_power_nap_disable

Platform logic updated for newer Mac architectures.

os_separate_functionality

Inherent; clarification in rule mapping.

os_sleep_and_display_sleep_apple_silicon_enable

New ARM tag; tailored to Apple Silicon (ARM64) only.

os_sudo_log_enforce

Added STIG IDs, NIST 800-53 tags; enhanced compliance remediations.

os_time_server_enabled

Updated checks: Precise enforcement for time server enabling.

os_unlock_active_user_session_disable

Expanded to all three: Alignment with broader compliance sets.

os_writing_tools_disable

Added as new rule; disables AI-driven writing tools.

pwpolicy_50_percent

(Permanent) No changelog note for recent change.

pwpolicy_history_enforce

Clarified checks: Enhanced password reuse prevention logic.

pwpolicy_upper_case_character_enforce

No recent changelog update available.

supplemental_cis_manual

Not present in repo; no entry.

system_settings_automatic_login_disable

Expanded mapping: Linux/Mac parity, more detection logic.

system_settings_bluetooth_sharing_disable

Minor logic improvement for reliability.

system_settings_content_caching_disable

Logic refinement for content caching checks.

system_settings_external_intelligence_disable

Addition for CIS; disables sharing diagnostic intelligence.

system_settings_external_intelligence_sign_in_disable

Addition for CIS; disables external intelligence sign-in.

system_settings_guest_access_smb_disable

Logic/description update: Better checks for SMB guest sharing.

system_settings_guest_account_disable

Improved check/fix logic for disabling Mac guest accounts.

system_settings_improve_assistive_voice_disable

Logic updated for clarity/consistency.

system_settings_improve_search_disable

Title/check logic refined for CMMC; disables Apple data sharing.

system_settings_internet_sharing_disable

Remediation refined: Stronger check and disable.

system_settings_loginwindow_loginwindowtext_enable

Added/Refined for CIS only.

system_settings_loginwindow_prompt_username_password_enforce

Expanded/clarified: Stronger universal prompting enforcement.

system_settings_media_sharing_disabled

Remediation improved: Now enforced for more frameworks.

system_settings_password_hints_disable

Check/refinement: Improved password hints detection.

system_settings_printer_sharing_disable

Logic improved: Stronger disabling coverage.

system_settings_rae_disable

Remediation alignment for all three frameworks.

system_settings_remote_management_disable

Logic refined: Broader platform compatibility.

system_settings_screen_sharing_disable

Remediation improvement: More robust disabling logic.

system_settings_screensaver_ask_for_password_delay_enforce

Check alignment to benchmark language.

system_settings_screensaver_timeout_enforce

Title updated/logic improved for timeout enforce.

system_settings_siri_disable

Logic aligned: Siri and Apple intelligence off.

system_settings_siri_listen_disable

No recent changelog found.

system_settings_smbd_disable

Logic remediation update for SMB sharing.

system_settings_software_update_enforce

Enhanced OS version targeting.

system_settings_ssh_disable

Logic alignment: SSH disable improved coverage.

system_settings_time_server_configure

Logic refinement: Stronger enforcement.

system_settings_time_server_enforce

Logic refinement: More robust enforcement.

system_settings_wake_network_access_disable

Logic update/clarification for newer Macs.
 

[Sequoia, Revision 2.0] - 2025-07-01

  • Rules
    • Added Rules
      • os_mail_smart_reply_disable
      • os_notes_transcription_disable
      • os_notes_transcription_summary_disable
      • os_safari_reader_summary_disable
      • os_sshd_per_source_penalties_configure
    • Modified Rules
      • os_genmoji_disable
      • os_implement_cryptography
      • os_iphone_mirroring_disable
      • os_mail_summary_disable
      • os_nfsd_disable
      • os_parental_controls_enable
      • os_password_hint_remove
      • os_power_nap_disable
      • os_separate_functionality
      • os_sleep_and_display_sleep_apple_silicon_enable
      • os_sudo_log_enforce
      • os_time_server_enabled
      • os_unlock_active_user_session_disable
      • os_writing_tools_disable
      • pwpolicy_50_percent
      • pwpolicy_history_enforce
      • pwpolicy_upper_case_character_enforce
      • supplemental_cis_manual
      • system_settings_automatic_login_disable
      • system_settings_bluetooth_sharing_disable
      • system_settings_content_caching_disable
      • system_settings_external_intelligence_disable
      • system_settings_external_intelligence_sign_in_disable
      • system_settings_guest_access_smb_disable
      • system_settings_guest_account_disable
      • system_settings_improve_assistive_voice_disable
      • system_settings_improve_search_disable
      • system_settings_internet_sharing_disable
      • system_settings_loginwindow_loginwindowtext_enable
      • system_settings_loginwindow_prompt_username_password_enforce
      • system_settings_media_sharing_disabled
      • system_settings_password_hints_disable
      • system_settings_printer_sharing_disable
      • system_settings_rae_disable
      • system_settings_remote_management_disable
      • system_settings_screen_sharing_disable
      • system_settings_screensaver_ask_for_password_delay_enforce
      • system_settings_screensaver_timeout_enforce
      • system_settings_siri_disable
      • system_settings_siri_listen_disable
      • system_settings_smbd_disable
      • system_settings_software_update_enforce
      • system_settings_ssh_disable
      • system_settings_time_server_configure
      • system_settings_time_server_enforce
      • system_settings_wake_network_access_disable
    • Bug Fixes

Sonoma, Revision 4.0] - 2025-07-01

  • Rules

    • Modified Rules

      • os_parental_controls_enable.yaml

      • os_separate_functionality.yaml

      • os_time_server_enabled.yaml

      • system_settings_software_update_enforce.yaml

      • system_settings_time_server_configure.yaml

      • system_settings_time_server_enforce.yaml

         

 

[Ventura, Revision 6.0] - 2025-07-01

  • Rules

    • Modified Rules

      • audit_auditd_enabled

      • auth_ssh_password_authentication_disable

      • os_anti_virus_installed

      • os_authenticated_root_enable

      • os_hibernate_mode_intel_enable

      • os_parental_controls_enable

      • os_policy_banner_ssh_enforce

      • os_separate_functionality

      • os_ssh_server_alive_count_max_configure

      • os_ssh_server_alive_interval_configure

      • os_sshd_client_alive_count_max_configure

      • os_sshd_client_alive_interval_configure

      • os_sshd_fips_compliant

      • os_sshd_login_grace_time_configure

      • os_sshd_permit_root_login_configure

      • os_time_server_enabled

      • os_world_writable_system_folder_configure

      • pwpolicy_account_inactivity_enforce

      • pwpolicy_temporary_or_emergency_accounts_disable

      • system_settings_location_services_disable

      • system_settings_location_services_enable

      • system_settings_media_sharing_disabled

      • system_settings_software_update_enforce

      • system_settings_time_server_configure

      • system_settings_time_server_enforce

 

[iOS 18, Revision 2.0] - 2025-07-01 

  • Rules

    • Added Rules

      • os_default_browser_modification_disable.yaml

      • os_default_calling_modification_disable.yaml

      • os_default_messaging_modification_disable.yaml

      • os_mail_smart_reply_disable.yaml

      • os_notes_transcription_disable.yaml

      • os_notes_transcription_summary_disable.yaml

      • os_safari_reader_summary_disable.yaml

      • os_visual_intelligence_summary.yaml

    • Modified Rules

      • icloud_sync_disable.yaml

      • icloud_drive_disable.yaml

      • os_call_recording_disable.yaml

      • os_iphone_mirroring_disable.yaml

      • os_update_enforced_software_update_delay.yaml

 
 

iOS 17, Revision 4.0] - 2025-07-01

  • Rules

    • bug fixes

[iOS 16, Revision 3.0] - 2025-07-01

  • Rules

    • bug fixes

 
 
 
Was this article helpful?
0 out of 0 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team