Pareto Security
macOS Security Checks

32 checks Pareto Security runs on your Mac

Each check covers a common security misconfiguration on macOS, with links to step-by-step fixes.

Access Security

CheckDescriptionRequired in frameworks
Automatic Login is offAutomatic login lets anyone access your account at boot without entering a password or using Touch ID.
CISISONIST CSFEssentialsSOC
No unused user accounts are presentOnly user accounts that are actually needed should exist on the device; leftover accounts are an unmonitored way in.
CISISOEssentials
Not using Administrator accountYour daily user on macOS runs as Standard rather than Administrator, so malware can't silently install with admin rights.
CISEssentials
Password after inactivitymacOS asks for the password again after a short idle period instead of leaving the session unlocked.
CISISONIST CSFEssentialsSOC
Password hints are offPassword hints shown after a failed sign-in can leak clues toward your password and should stay off.
CISEssentials
Password manager is installedA password manager helps you generate, store, and use a unique strong password for every account on your Mac.
NIST CSFEssentialsSOC
Password to unlock PreferencesChanging system settings requires the administrator password, blocking unauthorized config changes by other users.
Screen Saver shows after 20 minThe screensaver kicks in after a period of inactivity so an unattended Mac auto-locks.
CISISONIST CSFSOC
SSH keys require a passwordSSH private keys are protected by a passphrase or hardware key, so a stolen key alone can't be used.
SSH keys use strong encryptionSSH keys use a strong enough algorithm and key size to resist brute-forcing of the private key.

Application Updates

CheckDescriptionRequired in frameworks
App Store updates are automaticMac App Store apps update automatically, closing known vulnerabilities without waiting on the user.
CISISONIST CSFEssentialsSOC
Application updatesmacOS and the third-party apps installed on your Mac are kept patched, since outdated apps are a primary attack vector.
CISISONIST CSFEssentialsSOC
Package managers delay new releasesOn macOS, developer package managers wait at least 7 days before installing new packages, so registries can catch compromised releases first.
SOC
Pareto Security is up-to-dateYou're running the most recent version of Pareto Security for Mac, so it ships the latest checks.

Firewall & Sharing

CheckDescriptionRequired in frameworks
AirDrop is securedAirDrop is restricted to Contacts Only so strangers nearby can't send files to your Mac.
CISEssentials
AirPlay receiver is offAirPlay Receiver is off so unknown devices can't stream content to your Mac's display.
CISEssentials
File Sharing is offFile Sharing makes the Mac's Public folder accessible over the network and should be off unless actively sharing.
CISEssentials
Firewall is on and configuredThe macOS firewall blocks contact from other computers on the Internet or on your network.
CISISONIST CSFSOC
Internet Sharing is offInternet Sharing turns your Mac into a Wi-Fi hotspot for nearby devices and should be off unless actively sharing.
CISEssentials
Media Sharing is offMedia Sharing exposes your music, movie, and TV libraries to other Macs on the network.
CISEssentials
Printer Sharing is offPrinter Sharing exposes attached printers to other devices on the network and should be off unless actively sharing.
CISEssentials
Remote Login is offRemote Login (SSH) lets other devices control your computer and should be off unless actively needed.
CISEssentials
Remote Management is offRemote Management lets other devices control your computer and should be off unless actively needed.
CISEssentials

macOS Updates

CheckDescriptionRequired in frameworks
macOS updatesmacOS installs system updates automatically — these bundle security patches, drivers, and built-in tools.
CISISONIST CSFEssentialsSOC

System Integrity

CheckDescriptionRequired in frameworks
Boot is securemacOS's built-in boot-time protections (System Integrity Protection and secure boot) are active and not bypassed.
CISISONIST CSFEssentialsSOC
FileVault is onFileVault encrypts the data on your disk so a lost or stolen Mac can't be read by removing the drive.
CISISONIST CSFSOC
Gatekeeper is onGatekeeper blocks the install of apps that aren't notarized by Apple or are known malware.
CISISONIST CSFEssentialsSOC
Pareto Cloud is receiving reportsYour device is reporting security status to Pareto Cloud, so the team dashboard reflects its actual posture.
Terminal apps use secure entrySecure Keyboard Entry prevents other apps from detecting or recording what you type in Terminal or iTerm.
Time Machine is on and encryptedTime Machine is backing up regularly and the backup disk is encrypted, so your data is both safe and private.
CISISONIST CSFEssentialsSOC
Uptime is less than 14 daysYour Mac has been restarted within the last 14 days, so pending security updates and live patches can take effect.
WiFi connection is secureYour current Wi-Fi connection is encrypted (WPA2 or WPA3), so nearby traffic can't be captured in plain text.
ISO

Keep your business secure with Pareto CloudNon-Invasive Device Monitoring.