How to Generate DDM Components

DDM components are generated using the generate_guidance.py script with the -D flag. The script reads your baseline and creates JSON declarations ready for MDM deployment.

Note

You need a baseline first. See How to Generate Baselines if you haven’t created one.

Always Use the Correct Branch (mSCP 1.0)

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

mSCP 2.0 (currently in beta) will remove the per-branch requirement and introduce easier installation methods.

---

Generate DDM Components

1. Run the generation script

   ./scripts/generate_guidance.py -D baselines/BASELINE_NAME.yaml

   Example:

   ./scripts/generate_guidance.py -D baselines/800-53r5_moderate.yaml

2. Find your files

   DDM declarations are saved to build/BASELINE_NAME/declarative/:

   • Directorybuild/

     • Directory800-53r5_moderate/

       • Directorydeclarative/

         • Directoryactivations/ - Activation declarations (.json)

           • …
         • Directoryconfigurations/ - Configuration declarations (.json)

           • …
         • Directoryassets/ - Asset declarations and data files (.json, .zip)

           • …

---

Command Reference

Flag	Description
-D	Generate DDM declarations

Tip

You can combine -D with other flags to generate multiple outputs at once. For example, -D -p -s generates DDM components, configuration profiles, and compliance scripts together.

---

Next Steps

• DDM Component Layout - Understand the file structure
• What is DDM? - Learn more about declarative management