Hi everyone!
I was wondering if someone knows of a tool or repository where we can find configuration profiles that match the CIS Benchmarks for macOS. At my organization we have JAMF protect and we can see compliant/non compliant devices in regards to the CIS benchmark (But no "remediate" option! So I would like to correct those non compliant devices via config. profiles).
You may want to look into the macOS Security Compliance Project: https://github.com/usnistgov/macos_security/tree/dev_cis_monterey
I think the CIS benchmarks are still in development there
And then there's also this GitHub from jamf from Catalina that might be of some help for some settings:
https://github.com/jamf/CIS-for-macOS-Catalina-CP
Follow the Readme on the links @ljcacioppo shared , run the scripts in correct order with customization made tailored to your org requirements, the config profiles and extension attributes are used to ensure ongoing compliance.
This one is also very good: https://github.com/mvdbent/CIS-macOS-Security
+1 mvdbent
Follow the Readme on the links @ljcacioppo shared , run the scripts in correct order with customization made tailored to your org requirements, the config profiles and extension attributes are used to ensure ongoing compliance.
Just to let you know guys: Some of the tests ran on the script that's created when you use the "-s" flag in the generate_guidelines.sh script fail when supposedly they should pass. See for example the "disable password sharing" test. Even though you disable that option via the "Restrictions" in a configuration profile it will keep on failing until you manually set a custom payload in the config. profile with the keys provided by the guidance PDF.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.