How to Generate DDM Components

DDM components are generated as part of the guidance output. The script reads your baseline and creates JSON declarations ready for MDM deployment.

Note

You need a baseline first. See How to Generate Baselines if you haven’t created one.

---

Generate DDM Components

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

1. Run the command

   ./mscp.py guidance custom/baselines/BASELINE_NAME.yaml -d

   Example:

   ./mscp.py guidance custom/baselines/800-53r5_moderate_macos_26.0.yaml -d

2. Find your files

   DDM declarations are saved to build/BASELINE_NAME/:

   • Directorybuild/

     • Directory800-53r5_moderate_macos_26.0/

       • Directoryactivations/ Activation declarations (.json)

         • …
       • Directoryconfigurations/ Configuration declarations (.json)

         • …
       • Directoryassets/ Asset declarations and data files (.json, .zip)

         • …

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

1. Run the script

   ./scripts/generate_guidance.py -D baselines/BASELINE_NAME.yaml

   Example:

   ./scripts/generate_guidance.py -D baselines/800-53r5_moderate.yaml

2. Find your files

   DDM declarations are saved to build/BASELINE_NAME/declarative/:

   • Directorybuild/

     • Directory800-53r5_moderate/

       • Directorydeclarative/

         • Directoryactivations/ Activation declarations (.json)

           • …
         • Directoryconfigurations/ Configuration declarations (.json)

           • …
         • Directoryassets/ Asset declarations and data files (.json, .zip)

           • …

---

Command Reference

mSCP 2.0 (Beta)

mSCP 2.0 is currently in Beta

mSCP 2.0 is under active development and should not be used in production. Please report any issues to the project. For production deployments, refer to mSCP 1.0.

Flag	Description
-d	Generate DDM declarations

Tip

You can combine -d with other flags to generate multiple outputs at once. For example, -d -p -s generates DDM components, configuration profiles, and compliance scripts together. Or use -A to generate all outputs.

mSCP 1.0

Always Use the Correct Branch

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

Flag	Description
-D	Generate DDM declarations

Tip

You can combine -D with other flags to generate multiple outputs at once. For example, -D -p -s generates DDM components, configuration profiles, and compliance scripts together.

---

Next Steps

• DDM Component Layout — Understand the file structure
• What is DDM? — Learn more about declarative management