Quick Guide
If you’re new to the project, start with this Quick Guide for a high-level overview of the workflow. After reviewing these steps, check out each step’s corresponding “How To” section in the documentation menu. These sections explain in more detail what each step does, why it’s important, and what outputs to expect.
This quick guide provides a high-level overview of the steps required to generate all files with the macOS Security Compliance Project.
- 1. Prepare Your Environment
- Ensure all prerequisites are installed (Python, required modules, etc.).
- Download or clone the repository.
- 2. Verify and Select the Correct Branch
- Checkout the branch that matches your target OS version (e.g.,
sequoia).
- Checkout the branch that matches your target OS version (e.g.,
- 3. Generate a Baseline
- Use generate_baseline.py to create a baseline YAML file for your compliance needs.
- Optional Tailor the baseline to your organization using the
-tflag.
- 4. Personalize: Customize RulesOptional
- Customize rules by modifying or adding rule YAML files in the
customfolder as needed.
- Customize rules by modifying or adding rule YAML files in the
- 5. Generate Guidance DocumentationOptional
- Run generate_guidance.py to create human-readable guidance (AsciiDoc, HTML, PDF, etc.).
- 6. Generate Configuration Profiles
- Add the
-pflag togenerate_guidance.pyto generate configuration profiles for supported rules.
- Add the
- 7. Generate DDM Content
- Add the
-Dflag togenerate_guidance.pyto generate Declarative Device Management (DDM) components.
- Add the
- 8. Generate Compliance Scripts
- Add the
-sflag togenerate_guidance.pyto generate a compliance script for automated checking and remediation.
- Add the
- 9. Make ExemptionsOptional
- Customize or exempt specific rules as needed for your environment.