How to Generate Baselines

Generating a baseline creates the YAML file that defines which security rules apply to your environment. This file is required before you can generate guidance documents, configuration profiles, or compliance scripts.

---

Generate a Baseline

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

1. List available baselines

   ./mscp.py baseline -l

2. Generate your baseline

   ./mscp.py baseline -k BASELINE_NAME

   Example:

   config/custom/baselines/800-53r5_moderate_macos_26.0.yaml

   ./mscp.py baseline -k 800-53r5_moderate

3. Find your file

   The baseline is saved to:

   config/custom/baselines/BASELINE_NAME_macos_VERSION.yaml

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

1. List available baselines

   ./scripts/generate_baseline.py -l

2. Generate your baseline

   ./scripts/generate_baseline.py -k BASELINE_NAME

   Example:

   ./scripts/generate_baseline.py -k 800-53r5_moderate

3. Find your file

   The baseline is saved to:

   build/baselines/BASELINE_NAME.yaml

---

Customize with Tailoring

Add the -t flag to customize the baseline for your organization:

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

./mscp.py baseline -k 800-53r5_moderate -t

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

./scripts/generate_baseline.py -k 800-53r5_moderate -t

This starts an interactive process where you can:

• Include or exclude specific rules
• Set organization-specific values (like password length or timeout periods)

Custom values are saved to custom/rules/ for reuse.

Tip

Tailoring is optional. You can generate a baseline without customization and modify it later.

---

Command Reference

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

Flag	Description
-l	List all available baselines (tags and benchmarks)
-k NAME	Generate baseline for the specified framework
-t	Enable interactive tailoring
-c	Show NIST 800-53 controls covered by the baseline
--os_name	Target OS name
--os_version	Target OS version

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

Flag	Description
-h	Show help message
-l	List all available baselines
-k NAME	Generate baseline for the specified framework
-t	Enable interactive tailoring
-c	Show NIST 800-53 controls covered by the baseline

---

Output Files

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

• Directorymacos_security/

  • Directoryconfig/

    • Directorycustom/

      • Directorybaselines/

        • BASELINE_NAME_macos_VERSION.yaml The generated baseline file
  • Directorycustom/

    • Directoryrules/

      • *.yaml Custom values (if you used -t)

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

• Directorymacos_security/

  • Directorybuild/

    • Directorybaselines/

      • BASELINE_NAME.yaml The generated baseline file
  • Directorycustom/

    • Directoryrules/

      • *.yaml Custom values (if you used -t)

---

Next Steps

• Tailoring a Baseline — Detailed guide on customization
• Baseline File Layout — Understand the YAML structure
• How to Generate Guidance — Create outputs from your baseline