
How to Generate Guidance

The generate_guidance.py script creates outputs from your baseline. By default it generates documentation (AsciiDoc, HTML, PDF). With additional flags, you can also generate compliance scripts, configuration profiles, and more.


  1. Run the script with your baseline

    ./scripts/generate_guidance.py baselines/BASELINE_NAME.yaml

    Example:

    ./scripts/generate_guidance.py baselines/800-53r5_moderate.yaml
  2. Add flags for additional outputs

    ./scripts/generate_guidance.py -s -p baselines/800-53r5_moderate.yaml

    This generates the guidance documents plus the compliance script (-s) and configuration profiles (-p).

  3. Find your files

    All outputs are saved to build/BASELINE_NAME/:

    • build/
      • 800-53r5_moderate/
        • 800-53r5_moderate.adoc - AsciiDoc source
        • 800-53r5_moderate.html - Web documentation
        • 800-53r5_moderate.pdf - Printable documentation
        • 800-53r5_moderate_compliance.sh - Compliance script (if -s)
        • 800-53r5_moderate.xls - Excel spreadsheet (if -x)
        • mobileconfigs/ - Configuration profiles (if -p)
          • unsigned/ - Unsigned profiles
          • signed/ - Signed profiles (if -H)
          • preferences/ - Preference plists
        • declarative/ - DDM components (if -D)
          • activations/
          • configurations/
          • assets/
        • preferences/ - Audit preference files
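
A post-run check for the layout above, written as an added example (it is not part of the project's scripts): it lists the artifacts each flag should produce and reports any that are missing, which is useful before handing profiles or the compliance script to an MDM pipeline. The function names and the rule that a file must be non-empty are assumptions; `-P` and the audit `preferences/` directory are not checked because the page gives no path or flag for them.

```shell
#!/bin/sh
# Added example: map generate_guidance.py flags to the outputs the page lists,
# then report which are absent under BUILD_ROOT/BASELINE_NAME/.
# Assumes baseline names contain no whitespace.

# expected_outputs NAME [FLAGS...] -> one relative path per line
expected_outputs() {
    name=$1; shift
    # Documentation is generated on every run.
    printf '%s\n' "$name.adoc" "$name.html" "$name.pdf"
    for flag in "$@"; do
        case $flag in
            -s) printf '%s\n' "${name}_compliance.sh" ;;
            -x) printf '%s\n' "$name.xls" ;;
            -p) printf '%s\n' "mobileconfigs/unsigned/" ;;
            -H) printf '%s\n' "mobileconfigs/signed/" ;;
            -D) printf '%s\n' "declarative/activations/" \
                              "declarative/configurations/" \
                              "declarative/assets/" ;;
        esac   # anything else (e.g. the HASH after -H) is ignored
    done
}

# missing_outputs BUILD_ROOT NAME [FLAGS...]
# Prints each expected path that is absent; files must also be non-empty
# (assumption: an empty artifact means the run failed part-way).
# Returns 0 only when nothing is missing.
missing_outputs() {
    root=$1; name=$2; shift 2
    rc=0
    for rel in $(expected_outputs "$name" "$@"); do
        path="$root/$name/$rel"
        case $rel in
            */) [ -d "$path" ] || { echo "$rel"; rc=1; } ;;
            *)  [ -s "$path" ] || { echo "$rel"; rc=1; } ;;
        esac
    done
    return $rc
}
```

For example, `missing_outputs build 800-53r5_moderate -s -p` prints nothing and returns 0 when the run from step 2 completed.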

Flag      Output
(none)    Guidance documents (.adoc, .html, .pdf)
-s        Compliance script
-p        Configuration profiles (one per payload)
-P        Single consolidated configuration profile
-D        Declarative Device Management (DDM) components
-x        Excel spreadsheet

Additional options:

Flag      Description
-h        Show help message
-l LOGO   Include custom logo in documentation
-H HASH   Sign configuration profiles with certificate
-a NAME   Custom name for audit plist and log
-r REF    Use reference ID instead of rule ID

Generate documentation only:

./scripts/generate_guidance.py baselines/800-53r5_moderate.yaml

Generate everything for MDM deployment:

./scripts/generate_guidance.py -s -p -D baselines/DISA-STIG.yaml

Generate with signed profiles:

./scripts/generate_guidance.py -p -H YOUR_CERT_HASH baselines/cis_lvl2.yaml

Generate documentation with custom logo:

./scripts/generate_guidance.py -l /path/to/logo.png baselines/800-53r5_moderate.yaml

You can use either type of baseline:

Type      Location          Use Case
Built-in  baselines/        Standard frameworks without customization
Custom    build/baselines/  Tailored baselines for your organization

Both produce the same outputs. Custom baselines reflect your organization’s specific settings and excluded rules.