MacOS DOI STIG (DISA) Recommendations
Apple’s firewall will protect your computer from certain incoming attacks. Apple offers three firewall options: Allow all, Allow only essential, and Allow access for specific incoming connections. Unless you have a specific need to allow incoming connection (for services such as ssh, file sharing, or web services), set the firewall to ‘Allow only essential services,’ otherwise use the ‘Allow access for specific incoming connections’ option and specify the apps that require incoming connections.
BUTST Recommendations
Firewall Settings
Go to System Preferences > Security & Privacy > Firewall
Unlock with Administrative account.
Turn on Firewall
(Optional) Under “Firewall Options” inbound and outbound rules can be set.
Sharing Settings
Got to System Preferences > Sharing.
Unlock with Administrative account.
Allow only administrative accounts access to the following.
Check “File Sharing”
Check “Remote Login”
Check “Remote Management”