Skip to main content
Solved

Configuration profiles matching CIS Benchmarks?

M
Forum|alt.badge.img+2

Hi everyone!

I was wondering if someone knows of a tool or repository where we can find configuration profiles that match the CIS Benchmarks for macOS. At my organization we have JAMF protect and we can see compliant/non compliant devices in regards to the CIS benchmark (But no "remediate" option! So I would like to correct those non compliant devices via config. profiles).

Best answer by ljcacioppo

You may want to look into the macOS Security Compliance Project: https://github.com/usnistgov/macos_security/tree/dev_cis_monterey

I think the CIS benchmarks are still in development there

And then there's also this GitHub from jamf from Catalina that might be of some help for some settings:
https://github.com/jamf/CIS-for-macOS-Catalina-CP

View original
    Did this topic help you find an answer to your question?

    5 replies

    ljcacioppo
    Forum|alt.badge.img+17
    • ljcacioppo
    • Jamf Heroes
    • 183 replies
    • Answer
    • January 31, 2022

    You may want to look into the macOS Security Compliance Project: https://github.com/usnistgov/macos_security/tree/dev_cis_monterey

    I think the CIS benchmarks are still in development there

    And then there's also this GitHub from jamf from Catalina that might be of some help for some settings:
    https://github.com/jamf/CIS-for-macOS-Catalina-CP

    M
    P
    2 people like this
    • M
      ManuCa
    • P
      ProstyleConsult
    M
    Forum|alt.badge.img+12
    • Matt_Roy93
    • Valued Contributor
    • 65 replies
    • January 31, 2022

    Follow the Readme on the links @ljcacioppo shared , run the scripts in correct order with customization made tailored to your org requirements, the config profiles and extension attributes are used to ensure ongoing compliance. 

    M
    P
    2 people like this
    • M
      ManuCa
    • P
      ProstyleConsult
    nickvanjaarsvel
    Forum|alt.badge.img+2

    This one is also very good: https://github.com/mvdbent/CIS-macOS-Security

    M
    1 person likes this
    • M
      ManuCa
    E
    Forum|alt.badge.img+8
    • efil4xiN
    • Valued Contributor
    • 106 replies
    • February 1, 2022

    +1 mvdbent 

    M
    1 person likes this
    • M
      ManuCa
    M
    Forum|alt.badge.img+2
    • ManuCa
    • Author
    • New Contributor
    • 1 reply
    • February 1, 2022
    Matt_Roy93 wrote:

    Follow the Readme on the links @ljcacioppo shared , run the scripts in correct order with customization made tailored to your org requirements, the config profiles and extension attributes are used to ensure ongoing compliance. 


    Just to let you know guys: Some of the tests ran on the script that's created when you use the "-s" flag in the generate_guidelines.sh script fail when supposedly they should pass. See for example the "disable password sharing" test. Even though you disable that option via the "Restrictions" in a configuration profile it will keep on failing until you manually set a custom payload  in the config. profile with the keys provided by the guidance PDF.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings