usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Convert docs to md and update changelog

Browse Source
This commit is contained in:
Allen Golbig
2025-06-25 18:50:31 -04:00
parent 1ffe9bbe4e
commit 02e51d76e4
4 changed files with 66 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
CHANGELOG.md
View File

@@ -2,22 +2,21 @@
This document provides a high-level view of the changes to the macOS Security Compliance Project.
## [Sonoma, Removed 3.2] - 2025-06-XX
## [Sonoma, Revision 3.2] - 2025-06-XX
* Rules
* Modified Rules
* os_parental_controls_enable.yaml
* os_separate_functionality.yaml
* os_time_server_enabled.yaml
* os_world_writable_library_folder_configure.yaml
* pwpolicy_account_lockout_enforce.yaml
* pwpolicy_account_lockout_timeout_enforce.yaml
* pwpolicy_history_enforce.yaml
* pwpolicy_special_character_enforce.yaml
* system_settings_software_update_enforce.yaml
* system_settings_time_server_configure.yaml
* system_settings_time_server_enforce.yaml
* Scripts
* generate_guidance
* bug fixes
* generate_scap
* bug fixes
## [Sonoma, Revision 3.1] - 2024-12-16

16
CONTRIBUTING.adoc → CONTRIBUTING.md
View File

@@ -1,12 +1,12 @@
== Contributing
## Contributing
=== Engage
Contribute new content, share feedback and ask questions about resources in the repository using the https://github.com/usnistgov/macos_security/issues/new[Issues feature].
### Engage
Contribute new content, share feedback and ask questions about resources in the repository using the [Issues feature](https://github.com/usnistgov/macos_security/issues/new).
=== Operating Rules
### Operating Rules
These operating rules describe and govern NISTs management of this repository and contributors responsibilities. NIST reserves the right to modify this policy at any time.
=== Criteria for Contributions and Feedback
### Criteria for Contributions and Feedback
This is a moderated platform. NIST will only accept contributions that are contributed per the terms of the license file. Contributors may submit links or materials for hosting in the repository. Upon submission, materials will be public and considered publicly available information, unless noted in the license file.
NIST reserves the right to reject, remove, or edit any contribution or feedback, including anything that:
@@ -15,12 +15,12 @@ NIST reserves the right to reject, remove, or edit any contribution or feedback,
* contains abusive or vulgar content, spam, hate speech, personal attacks, or similar content;
* is clearly "off topic";
* makes unsupported accusations;
* includes personally identifiable or business identifiable information according to Department of Commerce Office of Privacy and Open Government (http://www.osec.doc.gov/opog/privacy/PII_BII.html[guidelines]; or,
* includes personally identifiable or business identifiable information according to Department of Commerce Office of Privacy and Open Government [guidelines](http://www.osec.doc.gov/opog/privacy/PII_BII.html); or,
* contains .exe or .jar file types.
_These file types will not be hosted in the NIST repository; instead, NIST may link to these if hosted elsewhere._
=== Contributor Responsibilities
### Contributor Responsibilities
NIST also reserves the right to reject or remove contributions from the repository if the contributor fails to carry out any of the following responsibilities:
* following the contribution instructions;
@@ -28,4 +28,4 @@ NIST also reserves the right to reject or remove contributions from the reposito
* responding to NIST representatives in a timely manner;
* keeping contributions and contributor GitHub username up to date
*GitHub Help:* If you're having trouble with these instructions, and need more information about GitHub, pull requests, and issues, visit GitHub's Help https://help.github.com/categories/collaborating-with-issues-and-pull-requests/[page].
**GitHub Help:** If you're having trouble with these instructions, and need more information about GitHub, pull requests, and issues, visit GitHub's Help [page](https://help.github.com/categories/collaborating-with-issues-and-pull-requests/).

71
README.adoc
View File

@@ -1,71 +0,0 @@
image::templates/images/mscp_banner_outline.png[]
// settings:
:idprefix:
:idseparator: -
ifndef::env-github[:icons: font]
ifdef::env-github[]
:status:
//:outfilesuffix: .adoc
:caution-caption: :fire:
:important-caption: :exclamation:
:note-caption: :paperclip:
:tip-caption: :bulb:
:warning-caption: :warning:
endif::[]
:uri-org: https://github.com/usnistgov
:uri-repo: {uri-org}/macos_security
ifdef::status[]
image:https://badgen.net/badge/icon/apple?icon=apple&label[link="https://www.apple.com/"]
image:https://badgen.net/badge/icon/14.0?icon=apple&label[link="https://www.apple.com/macos"]
endif::[]
IMPORTANT: We recommend working off of one of the OS branches, rather than the `main` branch.
The macOS Security Compliance Project is an link:LICENSE.md[open source] effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, _Security and Privacy Controls for Information Systems and Organizations_, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL).
This project is the technical implementation of NIST Special Publication, 800-219 (Rev. 1) https://csrc.nist.gov/pubs/sp/800/219/r1/final[Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)]. NIST Special Publication 800-219 is the official guidance from for automated secure configuration for macOS.
Apple acknowledges the macOS Security Compliance Project with information on their https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web[Platform Certifications] page.
This project can be used as a resource to easily create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to the compliance requirements defined in NIST SP 800-53 (Rev. 5). It can also be used to develop customized guidance to meet the particular cybersecurity needs of any organization.
To learn more about the project, please see the {uri-repo}/wiki[wiki].
If you are interested in supporting the development of the project, refer to the link:CONTRIBUTING.adoc[contributor guidance] for more information.
== Usage
Civilian agencies are to use the National Checklist Program as required by https://csrc.nist.gov/publications/detail/sp/800-70/rev-4/final[NIST 800-70].
[NOTE]
====
Part 39 of the Federal Acquisition Regulations, section 39.101 paragraph (c) states, “In acquiring information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of Standards and Technologys website at https://checklists.nist.gov. Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated.”
====
== Authors
[width="100%",cols="1,1"]
|===
|Bob Gendler|NIST
|Allen Golbig|Jamf
|Dan Brodjieski|NASA
|John Mahlman IV|Leidos
|Aaron Kegerreis|DISA
|Henry Stamerjohann|Zentral Pro Services GmbH
|Marco A Piñeryo II|State Department
|Jason Blake|NIST
|Blair Heiserman|NIST
|Joshua Glemza|NASA
|Elyse Anderson|NASA
|Gary Gapinski|NASA
|===
== Changelog
Refer to the link:CHANGELOG.adoc[CHANGELOG] for a complete list of changes.
== NIST Disclaimer
Any identification of commercial or open-source software in this document is done so purely in order to specify the methodology adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the software identified are necessarily the best available for the purpose.

52
README.md Normal file
View File

@@ -0,0 +1,52 @@
![Alt text](templates/images/mscp_banner_outline.png)
![Alt text](https://badgen.net/badge/icon/apple?icon=apple&label)
![Alt text](https://badgen.net/badge/icon/14.0?icon=apple&label)
> [!IMPORTANT]
> We recommend working off of one of the OS branches, rather than the `main` branch.
The macOS Security Compliance Project is an link:LICENSE.md[open source] effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, _Security and Privacy Controls for Information Systems and Organizations_, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL).
This project is the technical implementation of NIST Special Publication, 800-219 (Rev. 1) [Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)](https://csrc.nist.gov/pubs/sp/800/219/r1/final). NIST Special Publication 800-219 is the official guidance from for automated secure configuration for macOS.
Apple acknowledges the macOS Security Compliance Project with information on their [Platform Certifications](https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web) page.
This project can be used as a resource to easily create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to the compliance requirements defined in NIST SP 800-53 (Rev. 5). It can also be used to develop customized guidance to meet the particular cybersecurity needs of any organization.
To learn more about the project, please see the [wiki](https://github.com/usnistgov/macos_security/wiki).
If you are interested in supporting the development of the project, refer to the [contributor guidance](CONTRIBUTING.md) for more information.
## Usage
Civilian agencies are to use the National Checklist Program as required by [NIST 800-70](https://csrc.nist.gov/publications/detail/sp/800-70/rev-4/final).
> [!NOTE]
> Part 39 of the Federal Acquisition Regulations, section 39.101 paragraph (c) states, “In acquiring information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of Standards and Technologys website at https://checklists.nist.gov. Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated.”
## Authors
|||
|----|----|
|Bob Gendler|NIST|
|Allen Golbig|Jamf
|Dan Brodjieski|NASA
|John Mahlman IV|Leidos
|Aaron Kegerreis|DISA
|Henry Stamerjohann|Zentral Pro Services GmbH
|Marco A Piñeryo II|State Department
|Jason Blake|NIST
|Blair Heiserman|NIST
|Joshua Glemza|NASA
|Elyse Anderson|NASA
|Gary Gapinski|NASA
## Changelog
Refer to the [CHANGELOG](CHANGELOG.md) for a complete list of changes.
## NIST Disclaimer
Any identification of commercial or open-source software in this document is done so purely in order to specify the methodology adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the software identified are necessarily the best available for the purpose.