U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

Published

Author(s)

Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Dan Brodjieski, Allen Golbig, Karen Scarfone, Blair Heiserman

Abstract

The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication introduces the mSCP and gives an overview of the resources available from the project's GitHub site, which is continuously curated and updated to support each new release of macOS. The GitHub site provides practical, actionable recommendations in the form of secure baselines and associated rules. This publication also describes use cases for leveraging the mSCP content. Updates from the previous version of this publication mainly involve the new mSCP capability to create a custom benchmark by tailoring a baseline.
Citation
Special Publication (NIST SP) - 800-219r1
Report Number
800-219r1
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-219r1
Local Download

Keywords

Apple, baseline, configuration management, endpoint device security, macOS, macOS Security Compliance Project (mSCP), operating system security, security compliance
Information technology

Citation

Trapnell, M. , Trapnell, E. , Souppaya, M. , Gendler, B. , Brodjieski, D. , Golbig, A. , Scarfone, K. and Heiserman, B. (2023), Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-219r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936884 (Accessed April 27, 2024)

Created July 20, 2023, Updated September 13, 2023