title: "macOS 26.0: Security Configuration - US CMMC 2.0 Level 1" description: | This guide describes the actions to take when securing a macOS 26.0 system against the US CMMC 2.0 Level 1 security baseline. Information System Security Officers and benchmark creators can use this catalog of settings in order to assist them in security benchmark creation. This list is a catalog, not a checklist or benchmark, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios. authors: | *macOS Security Compliance Project* |=== |John Mahlman|Leidos |Bob Gendler|National Institute of Standards and Technology |Dan Brodjieski|National Aeronautics and Space Administration |Allen Golbig|Jamf |=== parent_values: "recommended" profile: - section: "authentication" rules: - auth_smartcard_allow - auth_smartcard_enforce - auth_ssh_password_authentication_disable - section: "icloud" rules: - icloud_addressbook_disable - icloud_appleid_system_settings_disable - icloud_bookmarks_disable - icloud_calendar_disable - icloud_drive_disable - icloud_freeform_disable - icloud_game_center_disable - icloud_keychain_disable - icloud_mail_disable - icloud_notes_disable - icloud_photos_disable - icloud_private_relay_disable - icloud_reminders_disable - icloud_sync_disable - section: "macos" rules: - os_account_modification_disable - os_airdrop_disable - os_appleid_prompt_disable - os_authenticated_root_enable - os_config_data_install_enforce - os_dictation_disable - os_filevault_autologin_disable - os_firmware_password_require - os_gatekeeper_enable - os_genmoji_disable - os_handoff_disable - os_home_folders_secure - os_httpd_disable - os_icloud_storage_prompt_disable - os_image_playground_disable - os_iphone_mirroring_disable - os_mail_smart_reply_disable - os_mail_summary_disable - os_nfsd_disable - os_notes_transcription_disable - os_notes_transcription_summary_disable - os_on_device_dictation_enforce - os_photos_enhanced_search_disable - os_rapid_security_response_allow - os_rapid_security_response_removal_disable - os_recovery_lock_enable - os_root_disable - os_safari_reader_summary_disable - os_sip_enable - os_siri_prompt_disable - os_skip_apple_intelligence_enable - os_skip_unlock_with_watch_enable - os_tftpd_disable - os_unlock_active_user_session_disable - os_uucp_disable - os_writing_tools_disable - section: "systemsettings" rules: - system_settings_automatic_login_disable - system_settings_bluetooth_sharing_disable - system_settings_critical_update_install_enforce - system_settings_diagnostics_reports_disable - system_settings_external_intelligence_disable - system_settings_external_intelligence_sign_in_disable - system_settings_find_my_disable - system_settings_firewall_enable - system_settings_firewall_stealth_mode_enable - system_settings_guest_access_smb_disable - system_settings_guest_account_disable - system_settings_improve_assistive_voice_disable - system_settings_improve_search_disable - system_settings_improve_siri_dictation_disable - system_settings_internet_accounts_disable - system_settings_internet_sharing_disable - system_settings_loginwindow_prompt_username_password_enforce - system_settings_media_sharing_disabled - system_settings_personalized_advertising_disable - system_settings_rae_disable - system_settings_screen_sharing_disable - system_settings_security_update_install - system_settings_siri_disable - system_settings_smbd_disable - system_settings_softwareupdate_current - system_settings_ssh_disable - system_settings_ssh_enable - system_settings_system_wide_preferences_configure - section: "Inherent" rules: - os_logical_access - os_malicious_code_prevention - section: "Permanent" rules: - os_auth_peripherals - section: "Supplemental" rules: - supplemental_controls - supplemental_filevault - supplemental_firewall_pf - supplemental_password_policy - supplemental_smartcard