Introduction

The macOS Security Compliance Project (mSCP) is an open source effort to provide a programmatic approach to generating security guidance for macOS.

The project maintains a library of security rules, each mapped to one or more compliance frameworks (NIST 800-53, CIS Benchmarks, DISA STIG, and others). You select a framework, run a script, and generate tailored outputs: baseline YAML files, human-readable guidance documents, MDM configuration profiles, and shell scripts for checking and remediating settings.

mSCP was created by a collaboration of federal agencies including NIST, NASA, DISA, and Los Alamos National Lab. It is recognized by Apple and updated with each major macOS release to ensure guidance stays current.

Tip

mSCP is not designed to replace your existing MDM or compliance tools. It generates the content, your tools deploy and verify it.

---

What You Get

Run the scripts and generate:

• Security baselines - YAML files defining which rules apply to your environment
• Guidance documents - HTML and PDF documentation for auditors and teams
• Configuration profiles - Ready-to-deploy .mobileconfig files for MDM
• Compliance scripts - Shell scripts to check and fix settings on any Mac
• SCAP/OVAL content - For compliance scanning tools

---

Who It’s For

Role	How You’ll Use It
System Administrators	Generate profiles and scripts to harden Macs
Security Professionals	Audit systems against compliance frameworks
Policy Authors	Create or customize baselines for your org
MDM/Compliance Vendors	Integrate trusted security guidance into products
Privacy Officers	Verify privacy controls are in place

---

Supported Frameworks

Government

• NIST 800-53 Rev 5 High, Moderate, Low
• NIST 800-171
• DISA STIG
• CMMC 2.0 Level 1, Level 2
• CNSSI-1253 High, Moderate, Low

Industry

• CIS Benchmarks Level 1, Level 2
• CIS Controls v8

International

• indigo Germany, iOS only
• BIO Netherlands
• NLMAPGOV Apple Baselines Base, Plus

---

Why This Project?

• Ready when you are - Guidance available for new macOS releases
• Single source of truth - One project, many frameworks
• Community-driven - Collaborate instead of duplicating effort
• Recognized by Apple - Built with input from Apple’s security team

---

Development Team

A collaboration between federal IT security staff and macOS administrators:

• National Institute of Standards and Technology (NIST)
• National Aeronautics and Space Administration (NASA)
• Defense Information Systems Agency (DISA)
• Los Alamos National Lab (LANL)