Mac hardening guidlines

Contributor III

Hi all, 


i'm working on the CIS benchmarks for Monterey and i'm stuck at these points :


Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements (Automated)


Ensure install.log Is Retained for 365 or More Days and No Maximum Size (Automated)


Ensure Security Auditing Retention Is Enabled (Automated)


Ensure Access to Audit Records Is Controlled (Automated)


Ensure Sealed System Volume (SSV) Is Enabled (Automated)


Ensure Appropriate Permissions Are Enabled for System Wide Applications (Automated)


Ensure the Sudo Timeout Period Is Set to Zero (Automated)


Ensure a Separate Timestamp Is Enabled for Each User/tty Combo (Automated)


Ensure the "root" Account Is Disabled (Automated)


Alert when the log capacity is over 75%


Alert user & admin about audit logging failures


Dedicated user to decrypt the hard disk upon startup


Shut down the system if audit logging stopped



Anybody can help out and share their solution? 


Valued Contributor II

maybe worth looking into this: 

Contributor III

Surprisingly I couldn't find what I'm asking for in there !!


Valued Contributor

What are you trying to do? How to set those settings? Do you have the CIS Benchmark downloaded? It has a check and fix in the document, not to mention the way to set those are in the macOS Security Compliance Project. 

Contributor III

download the zip based on your macOS (Monterey/Ventura), extract and find the pdf in CIS macOS Benchmark folder 

Screenshot 2022-11-22 at 2.26.43 PM.png

Contributor III

@boberito @YanW  i'm trying to find a remediation for the points I mentioned, some of them they are not there at all ! 

- Alert when the log capacity is over 75%

- Alert user & admin about audit logging failures

- Shut down the system if audit logging stopped

And for others i'm getting error when deploying the fix mentioned in the PDF.

Valued Contributor

If you look at the GitHub project. They are there. All of those would be under rules -> audit

Those 3 things are also not part of the CIS macOS Benchmark for Monterey (1.1.0 or 2.0) or even Ventura. So that's why you won't find them in the CIS PDF. They are in the project however.  

Here's an old video on how to use the project -



Honored Contributor III

To add on to what others have suggested, JAMF is working on their own NIST project called JAMF Compliance Editor. Reach out to your JAMF Rep for more info. JAMF had a Open Hours call about this very topic on 11.7 and is planning another call on 12.7 but that is still a tentative date.


Establishing Compliance Baselines (

MacOS Compliance Open Hours - Jamf Nation Community - 276931

Contributor III

Thanks @YanW @boberito @AJPinto  .. truly appreciated.