Solved

Compliance Editor - CIS Level 1 benchmark with one false positive

  • August 14, 2024

Good afternoon,

We are currently testing the Compliance Editor and have deployed the CIS Level 1 benchmark to three test devices via Jamf Pro. The benchmark appears to be fully implemented on these devices. However, the 'Sonoma CIS Benchmark Level 1 Audit' in Jamf is showing that the devices are non-compliant because Siri Listen was not disabled (system_settings_siri_listen_disable). I checked the devices, and Siri Listen was already disabled (screenshot below) before the CIS benchmark was applied. Does anyone know how I can resolve this false positive?

 


Thank you.

3 replies

boberito
  • Jamf Heroes
  • Answer
  • August 14, 2024

Have you pushed the profile to disable it? The check is checking to see if the profile is in place. Right now (most likely) there actually is no value set for the preference it's checking.


jmahlman
  • Valued Contributor
  • August 14, 2024

Beat me to it, @boberito

I replied to this in Slack but the one thing to remember about the MSCP checks is that it is not checking if Listen for is enabled…it’s checking if you have the control to explicitly disable it. A similar conversation was had on the project board: https://github.com/usnistgov/macos_security/discussions/410
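
The distinction drawn in the two replies above, as an added example that is not part of the thread or of the MSCP project's code: a feature can be off on the device while the audit still fails, because the audit only passes when a profile sets the value explicitly. The key name `ExampleListenEnabled` and the two-layer (user and managed) plist model are assumptions made for illustration, not the real preference the benchmark reads.

```python
import plistlib

# Hypothetical placeholder key; not the real preference the benchmark reads.
KEY = "ExampleListenEnabled"

def _load(blob):
    """Parse a plist blob; a missing file (None) is an empty preference layer."""
    return plistlib.loads(blob) if blob else {}

def effective_state(user_blob, managed_blob, key=KEY):
    """What the device actually does: the managed layer wins over the user layer."""
    user, managed = _load(user_blob), _load(managed_blob)
    return managed.get(key, user.get(key))

def audit(managed_blob, key=KEY, expected=False):
    """Compliance check: passes only if a profile explicitly sets the key."""
    managed = _load(managed_blob)
    if key not in managed:
        return "FAIL_NOT_SET"      # no profile value, whatever the user chose
    value = managed[key]
    # Require a real boolean: a profile shipping the string "false" is not a match.
    if isinstance(value, bool) and value is expected:
        return "PASS"
    return "FAIL_WRONG_VALUE"

# Constructed sample layers (not captured from a real device).
USER_OFF = plistlib.dumps({KEY: False})          # user switched the feature off
PROFILE_OFF = plistlib.dumps({KEY: False})       # profile enforces "off"
PROFILE_STRING = plistlib.dumps({KEY: "false"})  # mistyped profile payload

def report():
    """Return {case name: (effective state, audit result)} for the sample layers."""
    cases = {
        "user off, no profile": (USER_OFF, None),
        "profile enforces off": (None, PROFILE_OFF),
        "profile with string": (None, PROFILE_STRING),
    }
    return {name: (effective_state(u, m), audit(m)) for name, (u, m) in cases.items()}

if __name__ == "__main__":
    for name, (state, result) in report().items():
        print(f"{name:22} effective={state!r:8} audit={result}")
```

The first case is the situation in the original post: the effective state is already "off", yet the audit reports the control as not set until a profile supplies the value.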


  • Author
  • New Contributor
  • August 15, 2024

Thank you. The 'explicitly disabled' explanation clarifies things. I initially thought the remediation script would enforce the control, but it did not. Is there a profile I can upload instead which disables system_settings_siri_listen?