Skip to content
mSCP

Getting Started

Decide which version to set up with, then follow the steps below.

mSCP 2.0 (Beta)

The newest version, runs in a container or locally (with dependencies), supports all macOS/iOS/visionOS versions in one place without switching branches.

mSCP 1.0

The stable release, runs locally (with dependencies), uses separate branches for each macOS/iOS/visionOS version and requires switching branches to change versions.

Setup

Section titled “Setup”

Requirements:

  1. Create Local Folders

    Terminal window
    mkdir -p ~/Desktop/mscp/custom

  2. Run the Container

    Using Apple Container:

    Terminal window
    container run -it \
      --volume ~/Desktop/mscp:/mscp/build \
      --volume ~/Desktop/mscp/custom:/mscp/custom \
      ghcr.io/usnistgov/macos_security:latest
    Apple Container commands Click to expand

    Start the container service (required before first run):

    Terminal window
    container system start

    Exit the container:

    Terminal window
    exit

    Stop the container service:

    Terminal window
    container system stop

    Check container service status:

    Terminal window
    container system status

    Or Using Docker:

    Terminal window
    # Note: Docker requires full paths for volume mounts
    docker run -it \
      --volume /Users/<username>/Desktop/mscp:/mscp/build \
      --volume /Users/<username>/Desktop/mscp/custom:/mscp/custom \
      ghcr.io/usnistgov/macos_security:latest

  3. Generate Content

    config/custom/baselines/cis_lvl1_macos_26.0.yaml
    # Create a baseline
    ./mscp.py baseline -k cis_lvl1
    # Generate guidance with all outputs
    ./mscp.py guidance custom/baselines/cis_lvl1_macos_26.0.yaml -A
    # Output: MSCP DOCUMENT GENERATION COMPLETE! All documents in: /build/cis_lvl1_macos_26.0/

What You Can Do

Section titled “What You Can Do”

With the project set up, you can:

  • Generate baselines — Create YAML files for security frameworks (NIST, CIS, DISA STIG, etc.)
  • Generate guidance — Produce HTML/PDF documentation for your baseline
  • Create configuration profiles — Deploy settings via MDM
  • Run compliance checks — Scan Macs against your baseline
  • Customize rules — Tailor settings to your organization’s needs

Next Steps

Section titled “Next Steps”
Quick Guide Step-by-step workflow for generating security compliance files.

Or explore specific topics: