What Are Baselines?
A baseline is a YAML file that defines which security rules apply to your environment. Each baseline maps to a compliance framework (NIST 800-53, CIS Benchmarks, DISA STIG, etc.) and includes all the rules needed to meet that framework’s requirements.
Once you have a baseline, the project scripts use it to generate everything you need: guidance documents, configuration profiles, compliance scripts, and more.
How Baselines Work
Section titled “How Baselines Work”- Choose a framework - Pick the compliance standard you need (NIST, CIS, STIG, etc.)
- Generate the baseline - Run
generate_baseline.pyto create the YAML file - Customize if needed - Tailor the baseline to your organization’s requirements
- Generate outputs - Use the baseline to create profiles, scripts, and documentation
Each baseline is specific to an operating system (macOS, iOS/iPadOS, or visionOS) and compliance level (High, Moderate, Low, or Level 1/2 depending on the framework).
Available Baselines
Section titled “Available Baselines”Baselines are located in the /baselines/ folder. Here’s what’s available:
Government Frameworks
Section titled “Government Frameworks”| Framework | Baseline Files |
|---|---|
| NIST 800-53 Rev 5 | 800-53r5_high.yaml, 800-53r5_moderate.yaml, 800-53r5_low.yaml |
| NIST 800-171 | 800-171.yaml |
| DISA STIG | macOS: DISA-STIG.yamliOS: ios_stig.yaml, ios_stig_byoad.yaml |
| CMMC 2.0 | cmmc_lvl1.yaml, cmmc_lvl2.yaml |
| CNSSI 1253 | cnssi-1253_high.yaml, cnssi-1253_moderate.yaml, cnssi-1253_low.yaml |
Industry Frameworks
Section titled “Industry Frameworks”| Framework | Baseline Files |
|---|---|
| CIS Benchmarks (macOS) | cis_lvl1.yaml, cis_lvl2.yaml |
| CIS Benchmarks (iOS) | cis_lvl1_byod.yaml, cis_lvl2_byod.yamlcis_lvl1_enterprise.yaml, cis_lvl2_enterprise.yaml |
| CIS Controls v8 | cisv8.yaml |
International
Section titled “International”| Framework | Baseline Files |
|---|---|
| Indigo (iOS only) | indigo_base.yaml, indigo_high.yaml |
List Available Baselines
Section titled “List Available Baselines”To see all baselines available for your current branch:
./scripts/generate_baseline.py -lExample output:
800-53r5_high800-53r5_moderate800-53r5_lowcis_lvl1cis_lvl2DISA-STIGcmmc_lvl1cmmc_lvl2...Key Concepts
Section titled “Key Concepts”| Concept | Description |
|---|---|
| Purpose | Define what security settings your systems should have |
| Customization | Tailor baselines to fit your organization’s specific needs |
| Auditing | Provide evidence that systems meet compliance standards |
| Automation | Scripts can check and fix settings automatically |
| Maintenance | Updated with each macOS release and when frameworks change |
Next Steps
Section titled “Next Steps”- How to Generate Baselines - Create your first baseline
- Tailoring a Baseline - Customize for your organization
- Baseline File Layout - Understand the YAML structure