U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

macOS Security APPLE-OS

Overview

NIST has traditionally published secure configuration guides for Apple operating systems, e.g., NIST SP 800-179. The macOS Security Compliance Project (mSCP) seeks to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines. This collaboration between federal organizations minimizes the duplicate effort that would be required to administer individual security baselines. Additionally, the secure baseline content provided is easily extensible by other parties to implement their own security requirements. The latest recommended baseline content is maintained and updated in support of macOS on the mSCP GitHub page.

The mSCP has an intended audience beyond just IT security professionals and developers. Its documentation-generating capabilities also support the needs of information security officers, auditors and policy authors. Additionally, the mSCP functionality can be employed by configuration assessment and management tool vendors.

NIST will no longer produce specific SP guidance documents for each macOS release but will continuously curate and update the guidance included in the mSCP to keep up with each macOS release version. Updates to SP 800-219 will be released as needed when there are substantial changes to the mSCP.

 

For the most up to date macOS security recommendations, please visit the mSCP GitHub page listed below, which is supported by SP-800-219, Apple Security Guidance: macOS Security Compliance Project.

https://github.com/usnistgov/macos_security

Created August 31, 2016, Updated January 20, 2022