Spelling fixes, added note in system_settings_siri_settings_disable

rules/os/os_application_sandboxing.yaml

@@ -1,5 +1,5 @@
 id: os_application_sandboxing
-title: Ensure Seperate Execution Domain for Processes
+title: Ensure Separate Execution Domain for Processes
 discussion: |
   The inherent configuration of the macOS _IS_ in compliance as Apple has implemented multiple features Mandatory access controls (MAC), System Integrity Protection (SIP), and application sandboxing.
 

rules/os/os_mobile_file_integrity_enable.yaml

@@ -1,6 +1,6 @@
 id: os_mobile_file_integrity_enable
 title: Enable Apple Mobile File Integrity
-discussion: Mobile file integrity _MUST_ be ebabled.
+discussion: Mobile file integrity _MUST_ be enabled.
 check: |
   /usr/sbin/nvram -p | /usr/bin/grep -c "amfi_get_out_of_my_way=1"
 result:

rules/system_settings/system_settings_rae_disable.yaml

@@ -14,7 +14,7 @@ fix: |
   /usr/sbin/systemsetup -setremoteappleevents off
   /bin/launchctl disable system/com.apple.AEServer
   ----
-  NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires supervision.
+  NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or its parent process. Requires supervision.
 references:
   cce:
     - N/A

rules/system_settings/system_settings_siri_settings_disable.yaml

@@ -4,6 +4,8 @@ discussion: |
   The System Settings pane for Siri _MUST_ be hidden.
   
   Hiding the System Settings pane prevents the users from configuring Siri.
+
+  NOTE: Disabling the Siri System Settings pane blocks the user from opting into Apple Intelligence. 
 check: |
   /usr/bin/profiles show -output stdout-xml | /usr/bin/xmllint --xpath '//key[text()="DisabledSystemSettings"]/following-sibling::*[1]' - | /usr/bin/grep -c com.apple.Siri-Settings.extension
 result:

rules/system_settings/system_settings_ssh_disable.yaml

@@ -12,7 +12,7 @@ fix: |
   /usr/sbin/systemsetup -f -setremotelogin off >/dev/null
   /bin/launchctl disable system/com.openssh.sshd
   ----
-  NOTE: Systemsetup with -setremotelogin flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires supervision.
+  NOTE: Systemsetup with -setremotelogin flag will fail unless you grant Full Disk Access to systemsetup or its parent process. Requires supervision.
 references:
   cce:
     - N/A

scripts/generate_guidance.py

@@ -1710,7 +1710,7 @@ def generate_xls(baseline_name, build_path, baseline_yaml):
     sheet1.write(0, 14, "CIS v8", headers)
     sheet1.write(0, 15, "CMMC", headers)
     sheet1.write(0, 16, "CCI", headers)
-    sheet1.write(0, 17, "Modifed Rule", headers)
+    sheet1.write(0, 17, "Modified Rule", headers)
     sheet1.write(0, 18, "Severity", headers)
     sheet1.set_panes_frozen(True)
     sheet1.set_horz_split_pos(1)
@@ -2199,7 +2199,7 @@ def main():
     themes = glob.glob("../custom/templates/*theme*.yml")
     if len(themes) > 1:
         print(
-            "Found muliple custom themes in directory, only one can exist, using default"
+            "Found multiple custom themes in directory, only one can exist, using default"
         )
     elif len(themes) == 1:
         print(f"Found custom PDF theme: {themes[0]}")

scripts/generate_scap.py

@@ -368,7 +368,7 @@ def generate_scap(all_rules, all_baselines, args):
                 severity = "unknown"
 
             check_rule = str()
-            if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permenant" in rule_yaml['tags']:
+            if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permanent" in rule_yaml['tags']:
                 check_rule = '''
             <check system="http://scap.nist.gov/schema/ocil/2">
             <check-content-ref href="ocil.xml"/></check>'''