The macOS Security Compliance Project is an open-source effort to provide a programmatic approach to generating security guidance. It can be used to create customized security baselines of technical security controls by drawing on a library of atomic actions, which are mapped to compliance requirements in existing security guides or used to develop customized guidance. Because these security-enhancing atomic actions are mapped back to existing guides and policies, a single project can support multiple security guides and regulated-industry policies while documentation and QA are managed uniformly through a single effort. This approach simplifies and radically accelerates the updating of annual security guidance by unifying and standardizing the effort.
Rationale for this project:
Normalize and accelerate annual adoption of OS/hardware by having guidance available to meet the needs of new operating systems on release
Reduce worldwide effort in creating annual guidance by unifying and consolidating compliance efforts into a single project
Develop a methodology to foster collaboration between baseline authors, reducing overhead and redundancy
Unify the approach to setting controls
Provide MDM/EMM/security/audit vendors and Apple insight into customer hardening needs
Important note: This project is a programmatic approach to security policy and can produce output content to be used IN CONJUNCTION with management and security tools to achieve compliance.