- Jamf Nation Community
- Products
- Jamf Protect
- Re: Jamf Compliance Editor: Sequioa
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2024 12:57 AM
Hey,
What is the recommended way of handling compliance with the upcoming Sequioa release? I have used the Jamf Compliance Editor to create config profiles for Sonoma, which was very convenient, since the JCE let's you upload perfectly name config profiles for Sonoma and its predecessors.
If I am not mistaken, the JCE does not currently support Sequoia, yet. For now, I have set major OS updates to be deferred by 90 days, so I can sort this out.
How do you guys handle this?
When is the JCE likely to be updated?
Thank you for your help.
Toby
Solved! Go to Solution.
Labels:
- Labels:
-
Jamf Compliance Editor
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2024 03:08 AM
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project.
Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
- Use the MacOS Security Compliance project command line version
- Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
defaults write com.jamf.complianceeditor showAllBranches -bool trueOn open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2024 02:23 AM - edited 09-15-2024 02:35 AM
Sequioa release for MSCP was published a few days ago. Beware some of the benchmarks listed are still marked as draft.
Release Sequoia Guidance Revision 1.0 · usnistgov/macos_security (github.com)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2024 02:29 AM
Yeah, I saw that. I am using the Compliance Editor GUI. How does that tie in with the release?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2024 03:08 AM
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project.
Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
- Use the MacOS Security Compliance project command line version
- Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
defaults write com.jamf.complianceeditor showAllBranches -bool trueOn open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-15-2024 03:46 AM
Brilliant answer. Thank you for your help!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2024 08:33 AM - edited 09-16-2024 08:34 AM
Did you hear or see anthing on iOS 18 CIS Benchmark by chance?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-23-2024 03:53 AM
No sorry I have not. Was mainly keeping an eye out for desktop/laptop side.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-24-2024 06:22 AM
I'm interested in learning more about the compliance project's CLI. Is there a separate binary for that which is different from the JCE I guess? I haven't seen anything about a CLI except for this post.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2024 08:15 AM
@exo - just out of curiosity, how did you create the actual config profile for managing the OS update deferrals while also using the config profiles that JCE auto built?
The OS update deferrals are pretty easily set if you use the UI for Restrictions.... but there's a lot of other settings in there that will also step all over the arcane XML/mobileconfigs that JCE has put in place. So I'm not really sure where to actually put the settings for the deferral.
What did you do? Thanks
