- Monterey - Apply Gatekeeper Settings to Block Applications from Unidentified Developers
- Monterey - Configure Audit Failure Notification
- Monterey - Configure Audit Log Files Group to Wheel
- Monterey - Configure Audit Log Files to be Owned by Root
- Monterey - Configure Audit Log Files to Mode 440 or Less Permissive
- Monterey - Configure Audit Log Files to Not Contain Access Control Lists
- Monterey - Configure Audit Log Folder to Not Contain Access Control Lists
- Monterey - Configure Audit Log Folders Group to Wheel
- Monterey - Configure Audit Log Folders to be Owned by Root
- Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive
- Monterey - Configure Gatekeeper to Disallow End User Override
- Monterey - Configure Login Window to Prompt for Username and Password
- Monterey - Configure macOS to Use an Authorized Time Server
- Monterey - Configure SSH ServerAliveInterval option set to 900 or less
- Monterey - Configure System to Audit All Administrative Action Events
- Monterey - Configure System to Audit All Authorization and Authentication Events
- Monterey - Configure System to Audit All Failed Change of Object Attributes
- Monterey - Configure System to Audit All Failed Program Execution on the System
- Monterey - Configure System to Audit All Failed Read Actions on the System
- Monterey - Configure System to Audit All Failed Write Actions on the System
- Monterey - Configure System to Audit All Log In and Log Out Events
- Monterey - Configure System to Shut Down Upon Audit Failure
- Monterey - Configure the System for Nonlocal Maintenance
- Monterey - Configure the System to Block Non-Privileged Users from Executing Privileged Functions
- Monterey - Configure the System to Implement Approved Cryptography to Protect Information
- Monterey - Configure the System to Prevent the Unauthorized Disclosure of Data via Shared Resources
- Monterey - Configure the System to Separate User and System Functionality - separate
- Monterey - Configure User Session Lock When a Smart Token is Removed
- Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy
- Monterey - Disable Accounts after 35 Days of Inactivity
