The macOS security compliance project is an open source effort to provide a programmatic approach to generating security guidance. This project can be used to create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to compliance requirements in existing security guides or used to develop customized guidance. Through the use of a library of atomic actions that enhance security, and mapping them back to existing guides and policies, a single project can support multiple security guides and regulated industry policies while also allowing for documentation and QA to be uniformly managed through a single effort. This approach simplifies, and radically accelerates, the updating of annual security guidance through a unification and standardization of effort.

Rationale for this project:

- Normalize and accelerate annual adoption of OS/Hardware by having guidance available to meet the needs of new operating systems on release
- Reduce worldwide effort in creating annual guidance by unifying and consolidating compliance efforts into a single project
- Develop a methodology to foster collaboration between baseline authors, reducing overhead and redundancy
- Unify approach in setting controls
- Provide MDM/EMM/security/audit vendors and Apple insight into customer hardening needs

Important note: This project is a programmatic approach to security policy and can produce output content to be used IN CONJUNCTION with management and security tools to achieve compliance.

About this Dataset
Title | macOS Security Compliance Project |
---|---|
Description | The macOS security compliance project is an open source effort to provide a programmatic approach to generating security guidance. This project can be used to create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to compliance requirements in existing security guides or used to develop customized guidance. Through the use of a library of atomic actions that enhance security, and mapping them back to existing guides and policies, a single project can support multiple security guides and regulated industry policies while also allowing for documentation and QA to be uniformly managed through a single effort. This approach simplifies, and radically accelerates, the updating of annual security guidance through a unification and standardization of effort. Rationale for this project: Normalize and accelerate annual adoption of OS/Hardware by having guidance available to meet the needs of new operating systems on release; Reduce worldwide effort in creating annual guidance by unifying and consolidating compliance efforts into a single project; Develop a methodology to foster collaboration between baseline authors, reducing overhead and redundancy; Unify approach in setting controls; Provide MDM/EMM/security/audit vendors and Apple insight into customer hardening needs. Important note: This project is a programmatic approach to security policy and can produce output content to be used IN CONJUNCTION with management and security tools to achieve compliance. |
Modified | 2020-06-05 00:00:00 |
Publisher Name | National Institute of Standards and Technology |
Contact | mailto:[email protected] |
Keywords | macOS, mac, security, compliance, SCAP, baseline, FISMA, STIG, OVAL, XCCDF |
{ "identifier": "ark:\/88434\/mds2-2246", "accessLevel": "public", "contactPoint": { "hasEmail": "mailto:[email protected]", "fn": "Bob Gendler" }, "programCode": [ "006:052" ], "landingPage": "https:\/\/data.nist.gov\/od\/id\/mds2-2246", "title": "macOS Security Compliance Project", "description": "The macOS security compliance project is an open source effort to provide a programmatic approach to generating security guidance. This project can be used to create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to compliance requirements in existing security guides or used to develop customized guidance. Through the use of a library of atomic actions that enhance security, and mapping them back to existing guides and policies, a single project can support multiple security guides and regulated industry policies while also allowing for documentation and QA to be uniformly managed through a single effort. This approach simplifies, and radically accelerates, the updating of annual security guidance through a unification and standardization of effort.Rationale for this project:Normalize and accelerate annual adoption of OS\/Hardware by having guidance available to meet the needs of new operating systems on releaseReduce worldwide effort in creating annual guidance by unifying and consolidating compliance efforts into a single projectDevelop a methodology to foster collaboration between baseline authors, reducing overhead and redundancyUnify approach in setting controlsProvide MDM\/EMM\/security\/audit vendors and Apple insight into customer hardening needsImportant note: This project is a programmatic approach to security policy and can produce output content to be used IN CONJUNCTION with management and security tools to achieve compliance.", "language": [ "en" ], "distribution": "", "bureauCode": [ "006:55" ], "modified": "2020-06-05 00:00:00", "publisher": { "@type": "org:Organization", "name": 
"National Institute of Standards and Technology" }, "theme": [ "Information Technology:Cybersecurity" ], "keyword": [ "macOS", "mac", "security", "compliance", "SCAP", "baseline", "FISMA", "STIG", "OVAL", "XCCDF" ] }