Skip to content
mSCP

Getting Started

Get the project files on your Mac and install the required packages. This takes about 5 minutes.

Setup

Section titled “Setup”

Requirements:

  • Python >= 3.12.1 (3.14 is not supported)
  • Ruby >= 3.4.4 (optional — for PDF output)

  1. Clone the Repository

    Section titled “Clone the Repository”
    Terminal window
    git clone https://github.com/usnistgov/macos_security.git
    cd macos_security
    git checkout sequoia

    Replace sequoia with your target macOS version (sequoia, sonoma, ventura, etc.).

    Prefer to download a ZIP? Click to expand
    1. Go to the GitHub repository
    2. Click the branch dropdown and select your macOS version
    3. Click CodeDownload ZIP
    4. Extract and open the folder

  2. Python Setup

    Section titled “Python Setup”
    Terminal window
    # Create virtual environment
    python3 -m venv .venv
    source .venv/bin/activate
    

    # Install requirements
    pip3 install -r requirements.txt
    Having Python version issues? Click to expand

    Check your Python version:

    Terminal window
    python3 --version

    Check version inside the venv:

    Terminal window
    source .venv/bin/activate
    python --version

    List all installed Python versions:

    Terminal window
    ls /opt/homebrew/bin/python3*
    ls /usr/local/bin/python3*

    Create venv with a specific version:

    Terminal window
    # Remove old venv if needed
    rm -rf .venv
    

    # Use full path to the Python version you want
    /opt/homebrew/bin/python3.13 -m venv .venv
    source .venv/bin/activate

  3. Ruby Setup (Optional — for PDF output)

    Section titled “Ruby Setup (Optional — for PDF output)”
    Terminal window
    bundle install --binstubs --path mscp_gems

  4. Verify Setup

    Section titled “Verify Setup”

    Run this command to confirm everything works:

    Terminal window
    ./scripts/generate_baseline.py -l
    

    # When done, deactivate the virtual environment
    deactivate

    You should see a list of available baselines.

What You Can Do

Section titled “What You Can Do”

With the project set up, you can:

  • Generate baselines — Create YAML files for security frameworks (NIST, CIS, DISA STIG, etc.)
  • Generate guidance — Produce HTML/PDF documentation for your baseline
  • Create configuration profiles — Deploy settings via MDM
  • Run compliance checks — Scan Macs against your baseline
  • Customize rules — Tailor settings to your organization’s needs

Next Steps

Section titled “Next Steps”
Quick Guide Step-by-step workflow for generating security compliance files.

Or explore specific topics: