Vendor Attribution
The following vendors have contributed to or implemented various portions of the macOS Security Compliance Project in their products.
Vendor Overview
| Vendor | Product | Contribution |
|---|---|---|
| Apple | Professional Services | Expert guidance and deployment planning |
| CIS | macOS Benchmark | Secure configuration expertise |
| Jamf | Compliance Editor (JCE) | Automated compliance monitoring |
| Mosyle | Mosyle Business | Standards-based security controls |
| Tenable | Audit Plugins | YAML to .audit format conversion |
| NIWC Atlantic | SCAP Compliance Checker | SCAP content development |
| Qmulos | Q-Compliance | Real-time compliance assessment |
| Addigy | Compliance Module | CIS and NIST benchmark enforcement |
Apple – Apple Professional Services
Apple Professional Services is a team within Apple that provides organizations with expert guidance, deployment planning, and technical implementation services for Apple products and solutions. They help customers design, deploy, and optimize Apple technology in enterprise and education environments, including security and compliance initiatives.
Link: Apple Professional Services
Center for Internet Security – CIS macOS Benchmark
“By contributing our secure configuration expertise to the NIST macOS Security Compliance Project, we are supporting our mission in making the connected world a safer place by promoting timely, consistent macOS configuration security best practices which will help people, businesses, and governments better protect themselves against pervasive cyber threats.”
— Center for Internet Security (CIS)
Link: CIS Apple macOS Benchmarks
Jamf – Jamf Compliance Editor
“By implementing automated monitoring and enforcement of the compliance standards published by the NIST Special Publication 800-219 (macOS Security Compliance Project), Jamf easily helps organizations maintain OS compliance of the latest macOS releases according to industry recognized hardening benchmarks.”
— Jamf
Link: Jamf Compliance Editor Documentation
Mosyle – Mosyle Business
“macOS hardening & compliance is a foundational requirement for all organizations using Apple as they work to minimize risk. It would take countless labor hours if each company had to dissect the operating system and applications within their environment to achieve this goal. The excellent work by NIST macOS Security Compliance Project and other trusted standards provide frameworks and methodologies to alleviate the burden of individually identifying each setting and feature’s “safe” configuration. As macOS increases in capabilities with each version, so does the library of controls these frameworks address. These public projects continue to grow in scale and value through the collaborative effort put forth by their authors. We rely on these resources to provide our customers with easy to implement, standards-based security controls for each entity’s hardening and compliance needs.”
— Mosyle
Link: Mosyle Hardening Solutions
Tenable
“Tenable, Inc. automated the conversion of https://github.com/usnistgov/macos_security YAML rules into the .audit format using Python and YAML libraries. Programmatically approaching this conversion allows for faster future releases, consistency, and maintaining the integrity of the source content. Because the YAML content is all command driven, this is converted to Tenable’s CMD_EXEC check type for use with the Unix plugin. The YAML rules have a “tags” section that was used to create unique audit profiles related to common frameworks.”
— Tenable
Link: Tenable
Naval Information Warfare Center (NIWC) Atlantic – SCAP Compliance Checker (SCC)
“The SCC development team at NIWC Atlantic assisted in developing and troubleshooting SCAP content for the macOS Security Compliance Project. NIWC Atlantic tests the content using SCC, and bundles the content released by the macOS Security Compliance Project with SCC to promote security automation on macOS.”
— NIWC Atlantic
Link: NIWC Atlantic SCAP
Qmulos
“Qmulos Apple Compliance leverages the NIST macOS Security Compliance Project to bring secure configuration assessment data to our flagship product Q-Compliance, which is built on top of the leading big data platform, Splunk. Qmulos products provide the ability to continuously assess in near real-time and report against multiple frameworks like NIST 800-53, CMMC, CIS and many more. We are the only platform enabling Converged Continuous Compliance® enterprise wide.”
— Qmulos
Link: Qmulos Apple Compliance
Addigy
“Using the macOS Security Compliance Project, Addigy facilitates a seamless approach to implementing, monitoring, and enforcing the most recent CIS and NIST benchmarks. We ardently advocate for the notion that simplifying the journey toward device compliance is crucial in bolstering global security and mitigating cyber threats.”
— Addigy
Link: Addigy Compliance Documentation
Next Steps
- Contributing - How to contribute to the project
- Resources - Training and tools