Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration

ekkehard
Contributor
8 REPLIES 8

krispayne
Contributor

This is so much harder to read than the CIS benchmarks. Is there anything in here that's any different or more valuable?

gachowski
Valued Contributor II

I looked at it very fast and didn't see anything that was out of the ordinary, mostly the same CIS....

C

ekkehard
Contributor

Well it is NIST.

gachowski
Valued Contributor II

At the end of the doc there is more of a chart that makes a little easy to read : )

krispayne
Contributor

I might need to eye-bleach, I couldn't get over the line numbering and just stopped scrolling.

This should do it:
optional image ALT text

Taylor_Armstron
Valued Contributor

In all honesty, while I appreciate the work that went into this, a "draft" of 10.10, when 10.12 is on its way is not very useful. CIS has increased their pace (disclaimer, I've contributed to the CIS benchmarks in the past), and is at least only a few months behind OS releases now... but CIS has their 10.11 benchmark published, and NIST has a draft of 10.10 out when 10.12 is dropping in a few months (and 10.10 likely will be deprecated)....

too little too late.

gachowski
Valued Contributor II

@Taylor.Armstrong

100% agree and thank you for contributed to the CIS benchmarks, the benchmarks make my job many times easier...

C

Taylor_Armstron
Valued Contributor

@gachowski My pleasure! Although the last one I had any significant amount of work on was 10.8 😞 I'd encourage anyone with enough spare cycles to join the CIS group though - it is all volunteer, with a small "core" group and a larger group of people who drop in to test things as they're able, and the more people working on it, the faster they can go. Work is already getting started on Sierra, which is why I question the value of anything like a 10.10 document at this point. Between CIS and Casper, our goal now is to have a secure baseline and be rolling it out within 45 days of the CIS benchmark release, which means hopefully fully upgraded (and secured) within 5-6 months of the OS release.