How To Generate Guidance
To generate guidance files (AsciiDoc, HTML, and PDF) from an existing baseline, use the generate_guidance.py
script in the macos_security
repository.
Directorymacos_security/
Directoryscripts/
- generate_guidance.py ---> Script to generate guidance files
Directorybuild/
Directorybaselines/
- BASELINENAME.yaml ---> Your generated or customized baseline file
-
Ensure You Are Using the Correct Baseline File
- Use either a baseline you generated (custom baseline) or one of the built-in baselines provided by the project.
-
Run the Guidance Generation Script
-
Point the script to your baseline YAML file:
Terminal window ./scripts/generate_guidance.py build/baselines/BASELINENAME.yamlReplace
BASELINENAME.yaml
with your actual baseline file. -
The script will generate AsciiDoc, HTML, and PDF guidance documents.
-
-
Locate the Generated Guidance Files
-
The output files will be created in a directory under
build/
matching your baseline name, for example:Directorymacos_security/
Directorybuild/
Directory800-53r5_moderate/
- 800-53r5_moderate.adoc
- 800-53r5_moderate.html
- 800-53r5_moderate.pdf
-
Built-in Baseline vs Custom Baseline
Section titled “Built-in Baseline vs Custom Baseline”When generating guidance, you can use either a built-in baseline or a custom baseline:
-
Built-in Baseline:
These are standard baseline YAML files provided by the project and located in thebaselines/
directory. They represent default security configurations such as NIST 800-53, CIS, or STIG profiles.Directorymacos_security/
Directorybaselines/
- 800-53r5_moderate.yaml
Example usage:
Terminal window ./scripts/generate_guidance.py baselines/800-53r5_moderate.yamlThe output files will be generated in a directory under
build/
matching the baseline name. -
Custom Baseline:
These are baselines you have tailored for your organization, typically created using the baseline generation and tailoring scripts. Custom baseline files are usually found inbuild/baselines/
.Directorymacos_security/
Directorybuild/
Directorybaselines/
- 800-53r5_moderate.yaml
Example usage:
Terminal window ./scripts/generate_guidance.py build/baselines/800-53r5_moderate.yamlThe output files will be generated in a directory under
build/
matching your custom baseline.
Both approaches produce guidance files in AsciiDoc, HTML, and PDF formats, but custom baselines allow you to reflect organization-specific requirements and tailoring.
Example output files:
Directorymacos_security/
Directorybuild/
Directory800-53r5_moderate/
- 800-53r5_moderate.adoc
- 800-53r5_moderate.html
- 800-53r5_moderate.pdf