There is an Apple Macintosh tool that can be used to create customized security “baselines of technical security controls, which are mapped to various compliance frameworks such as: NIST 800-53, DISA STIG, FINRA, and HIPAA requirements.”
This tool is hosted on GitHub and is called the macOS Security Compliance Project. Federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL) developed and provided this much-needed resource for Apple Macintosh Operating System Security and Compliance.
Thanks for this extraordinary effort!
The macOS Security Compliance Project is an open source effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL).
This project can be used as a resource to easily create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to the compliance requirements defined in NIST SP 800-53 (Rev. 5). It can also be used to develop customized guidance to meet the particular cybersecurity needs of any organization.
To learn more about the project, please see the wiki.
If you are interested in supporting the development of the project, refer to the contributor guidance for more information.
mSCP Main project repo link: https://github.com/usnistgov/macos_security
Bob Gendler’s mSCP script repo link: https://github.com/boberito/mscp_scripts
NIST 800-219 doc link: https://csrc.nist.gov/publications/detail/sp/800-219/final
Apple Platform Guide mSCP page link: https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web
Developing Your Mac Compliance Strategy link: https://it-training.apple.com/tutorials/apt-deployment#developing-your-mac-compliance-strategy
Apple in Government: On-Demand Videos: http://apple.co/macsecuritycompliance