What Are Baselines?
A baseline is a YAML file that defines which security rules apply to your environment. Each baseline maps to a compliance framework (NIST 800-53, CIS Benchmarks, DISA STIG, etc.) and includes all the rules needed to meet that framework’s requirements.
Once you have a baseline, the project scripts use it to generate everything you need: guidance documents, configuration profiles, compliance scripts, and more.
How Baselines Work
- Choose a framework — Pick the compliance standard you need (NIST, CIS, STIG, etc.)
- Generate the baseline — Run `./mscp.py baseline -k BASELINE_NAME` (or `./scripts/generate_baseline.py -k BASELINE_NAME`, whichever script your copy of the project provides) to create the YAML file
- Customize if needed — Tailor the baseline to your organization’s requirements
- Generate outputs — Use the baseline to create profiles, scripts, and documentation
Each baseline is specific to an operating system (macOS, iOS/iPadOS, or visionOS) and compliance level (High, Moderate, Low, or Level 1/2 depending on the framework).
Available Baselines
Government Frameworks
| Framework | Baseline Files |
|---|---|
| NIST 800-53 Rev 5 | 800-53r5_high, 800-53r5_moderate, 800-53r5_low, 800-53r5_privacy |
| NIST 800-171 | 800-171 |
| DISA STIG | macOS: disa_stig; iOS: ios_stig |
| CMMC 2.0 | cmmc_lvl1, cmmc_lvl2 |
| CNSSI 1253 | cnssi-1253_high, cnssi-1253_moderate, cnssi-1253_low |
| NLM APGOV | nlmapgov_base, nlmapgov_plus |
Industry Frameworks
| Framework | Baseline Files |
|---|---|
| CIS Benchmarks (macOS) | cis_lvl1, cis_lvl2 |
| CIS Benchmarks (iOS) | cis_lvl1_byod, cis_lvl2_byod, cis_lvl1_enterprise, cis_lvl2_enterprise |
| CIS Controls v8 | cisv8 |
International
| Framework | Baseline Files |
|---|---|
| Indigo (iOS only) | indigo_base, indigo_high |
List Available Baselines
```
./mscp.py baseline -l
```
Example output:
```
Available keywords (tags and benchmarks):

Tags (applicable to all platforms):
800-171
800-53r5_high
800-53r5_low
800-53r5_moderate
800-53r5_privacy
cisv8
cmmc_lvl1
cmmc_lvl2
cnssi-1253_high
cnssi-1253_low
cnssi-1253_moderate
all_rules

Benchmarks (platform-specific):
cis_lvl1 (Platforms: macOS)
cis_lvl2 (Platforms: macOS)
disa_stig (Platforms: macOS)
nlmapgov_plus (Platforms: macOS)
```
```
./scripts/generate_baseline.py -l
```
Example output:
```
800-53r5_high
800-53r5_moderate
800-53r5_low
800-171
cis_lvl1
cis_lvl2
cisv8
DISA-STIG
cmmc_lvl1
cmmc_lvl2
cnssi-1253_high
cnssi-1253_moderate
cnssi-1253_low
nlmapgov_base
nlmapgov_plus
all_rules
```
Key Concepts
| Concept | Description |
|---|---|
| Purpose | Define what security settings your systems should have |
| Customization | Tailor baselines to fit your organization’s specific needs |
| Auditing | Provide evidence that systems meet compliance standards |
| Automation | Scripts can check and fix settings automatically |
| Maintenance | Updated with each macOS release and when frameworks change |
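A preflight check for the listing output shown under List Available Baselines, as an added example that is not part of the project's own code: it parses the `./mscp.py baseline -l` format and confirms that the keyword an automation job is pinned to is still offered and applies to the target platform. The one-entry-per-line layout, comma-separated platform lists, and the function names are assumptions.

```python
import re

# Constructed sample: the `./mscp.py baseline -l` listing from this page,
# laid out one entry per line (assumed layout).
SAMPLE_LISTING = "\n".join([
    "Available keywords (tags and benchmarks):",
    "Tags (applicable to all platforms):",
    "800-171", "800-53r5_high", "800-53r5_low", "800-53r5_moderate",
    "800-53r5_privacy", "cisv8", "cmmc_lvl1", "cmmc_lvl2",
    "cnssi-1253_high", "cnssi-1253_low", "cnssi-1253_moderate", "all_rules",
    "Benchmarks (platform-specific):",
    "cis_lvl1 (Platforms: macOS)", "cis_lvl2 (Platforms: macOS)",
    "disa_stig (Platforms: macOS)", "nlmapgov_plus (Platforms: macOS)",
])

# One benchmark entry: keyword followed by "(Platforms: a, b)".
ENTRY = re.compile(r"(\S+)\s+\(Platforms:\s*([^)]*)\)")

def parse_listing(text):
    """Return {keyword: platforms}; platforms is None for all-platform tags."""
    keywords, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Tags"):
            section = "tags"
        elif line.startswith("Benchmarks"):
            section = "benchmarks"
        elif section == "tags":
            for keyword in line.split():
                keywords[keyword] = None
        elif section == "benchmarks":
            for m in ENTRY.finditer(line):
                keywords[m.group(1)] = {p.strip() for p in m.group(2).split(",")}
    return keywords

def check_baseline(keyword, platform, listing):
    """Return (ok, reason) for a pinned baseline keyword and target platform."""
    keywords = parse_listing(listing)
    if keyword not in keywords:
        return False, f"{keyword!r} is not offered in this listing"
    platforms = keywords[keyword]
    if platforms is not None and platform not in platforms:
        return False, f"{keyword!r} applies to {sorted(platforms)}, not {platform}"
    return True, "ok"

if __name__ == "__main__":
    for kw, plat in [("cis_lvl1", "macOS"), ("cis_lvl1", "iOS"), ("DISA-STIG", "macOS")]:
        print(kw, plat, check_baseline(kw, plat, SAMPLE_LISTING))
```

The two listings on this page spell the STIG keyword differently (`disa_stig` and `DISA-STIG`), so a job pinned to one spelling fails this check against the other listing instead of silently generating nothing.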
Next Steps
- How to Generate Baselines — Create your first baseline
- Tailoring a Baseline — Customize for your organization
- Baseline File Layout — Understand the YAML structure