Help

Help with Firefox CIS Benchmark plist deployment

mattyppp
New Contributor

Posted on ‎06-18-2024 12:57 AM

I'm trying to put together a CIS lvl 1 plist for firefox deployed via JAMF pro and unsure which compliance options are related to which keys in the plist, or where to start beyond adjusting the standard plist, does anyone have any resources to aid with this? or a baseline plist to share?

0 Kudos
Reply
4 REPLIES 4

cassie2698bratt
New Contributor

Posted on ‎06-18-2024 04:17 AM

@mattypppMaryKayInTouch wrote:

I'm trying to put together a CIS lvl 1 plist for firefox deployed via JAMF pro and unsure which compliance options are related to which keys in the plist, or where to start beyond adjusting the standard plist, does anyone have any resources to aid with this? or a baseline plist to share?

Hello,

Crafting a CIS lvl 1 plist for Firefox on JAMF requires mapping CIS settings to plist keys. First of all find the CIS Firefox Benchmark. Look for the settings mapped to registry keys - these keys translate to plist settings for Firefox profiles. JAMF uses plists for configuration. Integrate the Firefox profile plist into your JAMF plist. 

Check JAMF's documentation for details on configuring Firefox profiles with plists. 

I hope the information may help you. 

 

0 Kudos
Reply

mattyppp
New Contributor
In response to cassie2698bratt

Posted on ‎06-19-2024 12:26 AM

thanks for this, this is exactly what I ended up doing, just a bit of trial and error with mapping the .cfg file entries into .plist and getting the values and dictionaries in the right place

 

thanks for everyones help!

0 Kudos
Reply

AJPinto
Honored Contributor III

Posted on ‎06-18-2024 06:06 AM

Generally speaking, CIS level 1 or level 2 does not usually get into application configuration itself. It's mainly OS hardening, and monitoring for malicious and vulnerable configurations.

 

This is the macOS Security Benchmark, there won't be anything for Firefox or really any other application on it. The docs found here will walk you through configuring everything to meet the various NIST benchmarks.

GitHub - usnistgov/macos_security: macOS Security Compliance Project

 

Jamf also has a tool to help automate creating the configurations for CIS level 1 and level 2, however use it with caution as it does not check to see what is already configured elsewhere.

Establishing Compliance Baselines (jamf.com)

0 Kudos
Reply

boberito
Valued Contributor

Posted on ‎06-18-2024 05:20 PM

@AJPinto CIS has benchmarks for browsers as well.

0 Kudos
Reply