How to Generate Baselines
Generating a baseline creates the YAML file that defines which security rules apply to your environment. This file is required before you can generate guidance documents, configuration profiles, or compliance scripts.
Generate a Baseline
Section titled “Generate a Baseline”-
List available baselines
Terminal window ./scripts/generate_baseline.py -l -
Generate your baseline
Terminal window ./scripts/generate_baseline.py -k BASELINE_NAMEExample:
Terminal window ./scripts/generate_baseline.py -k 800-53r5_moderate -
Find your file
The baseline is saved to:
build/baselines/BASELINE_NAME.yaml
Customize with Tailoring
Section titled “Customize with Tailoring”Add the -t flag to customize the baseline for your organization:
./scripts/generate_baseline.py -k 800-53r5_moderate -tThis starts an interactive process where you can:
- Include or exclude specific rules
- Set organization-specific values (like password length or timeout periods)
Custom values are saved to custom/rules/ for reuse.
Command Reference
Section titled “Command Reference”| Flag | Description |
|---|---|
-h | Show help message |
-l | List all available baselines |
-k NAME | Generate baseline for the specified framework |
-t | Enable interactive tailoring |
-c | Show NIST 800-53 controls covered by the baseline |
Output Files
Section titled “Output Files”Directorymacos_security/
Directorybuild/
Directorybaselines/
- BASELINE_NAME.yaml - The generated baseline file
Directorycustom/
Directoryrules/
- *.yaml - Custom values (if you used
-t)
- *.yaml - Custom values (if you used
Next Steps
Section titled “Next Steps”- Tailoring a Baseline - Detailed guide on customization
- Baseline File Layout - Understand the YAML structure
- How to Generate Guidance - Create outputs from your baseline