What is Guidance?
Guidance is the human-readable documentation generated from your baseline. It explains each security control: what it does, why it matters, how to implement it, and how to verify compliance.
Once you have a baseline, run the generate_guidance.py script to create documentation in multiple formats.
Output Formats
| Format | Description |
|---|---|
| AsciiDoc (.adoc) | Source format for the documentation |
| HTML (.html) | Web-viewable documentation |
| PDF (.pdf) | Printable format for auditors and compliance teams |
What’s Included
Each guidance document contains:
Document sections:
- Foreword and scope
- Authors and contributors
- Acronyms and terminology
For each security rule:
| Section | Description |
|---|---|
| Discussion | What the control does and why it’s important |
| Check | How to verify the setting is correctly applied |
| Fix | How to configure macOS to meet the requirement |
| Result | Expected values when compliant |
| References | Links to NIST 800-53, CIS, DISA STIG, and Apple documentation |
| Severity | Impact level of the control |
Example Use Cases
- Compliance audits - Provide documentation showing how your systems meet framework requirements
- Security reviews - Share implementation details with security teams
- Change management - Document what settings are being applied and why
- Training - Help administrators understand the security controls
Next Steps
- How to Generate Guidance - Create guidance from your baseline
- Guidance File Example - See a sample PDF output