- Jamf Nation Community
- Products
- Jamf Pro
- Configuration profiles matching CIS Benchmarks?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 04:21 AM
Hi everyone!
I was wondering if someone knows of a tool or repository where we can find configuration profiles that match the CIS Benchmarks for macOS. At my organization we have JAMF protect and we can see compliant/non compliant devices in regards to the CIS benchmark (But no "remediate" option! So I would like to correct those non compliant devices via config. profiles).
Solved! Go to Solution.
Reply
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 07:04 AM
You may want to look into the macOS Security Compliance Project: https://github.com/usnistgov/macos_security/tree/dev_cis_monterey
I think the CIS benchmarks are still in development there
And then there's also this GitHub from jamf from Catalina that might be of some help for some settings:
https://github.com/jamf/CIS-for-macOS-Catalina-CP
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 11:54 AM
This one is also very good: https://github.com/mvdbent/CIS-macOS-Security
Reply
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 07:04 AM
You may want to look into the macOS Security Compliance Project: https://github.com/usnistgov/macos_security/tree/dev_cis_monterey
I think the CIS benchmarks are still in development there
And then there's also this GitHub from jamf from Catalina that might be of some help for some settings:
https://github.com/jamf/CIS-for-macOS-Catalina-CP
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 08:41 AM
Follow the Readme on the links @ljcacioppo shared , run the scripts in correct order with customization made tailored to your org requirements, the config profiles and extension attributes are used to ensure ongoing compliance.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-01-2022 04:05 AM
Just to let you know guys: Some of the tests ran on the script that's created when you use the "-s" flag in the generate_guidelines.sh script fail when supposedly they should pass. See for example the "disable password sharing" test. Even though you disable that option via the "Restrictions" in a configuration profile it will keep on failing until you manually set a custom payload in the config. profile with the keys provided by the guidance PDF.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 11:54 AM
This one is also very good: https://github.com/mvdbent/CIS-macOS-Security
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-31-2022 04:46 PM
+1 mvdbent
Reply
