Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

macOS Security APPLE-OS


NIST has traditionally published secure configuration guides for Apple operating systems, e.g., NIST SP 800-179. The macOS Security Compliance Project (mSCP) seeks to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines. This collaboration between federal organizations minimizes the duplicate effort that would be required to administer individual security baselines. Additionally, the secure baseline content provided is easily extensible by other parties to implement their own security requirements. The latest recommended baseline content is maintained and updated in support of macOS on the mSCP GitHub page.

The mSCP has an intended audience beyond just IT security professionals and developers. Its documentation-generating capabilities also support the needs of information security officers, auditors and policy authors. Additionally, the mSCP functionality can be employed by configuration assessment and management tool vendors.

NIST will no longer produce specific SP guidance documents for each macOS release but will continuously curate and update the guidance included in the mSCP to keep up with each macOS release version. Updates to SP 800-219r1 will be released as needed when there are substantial changes to the mSCP.


For the most up to date macOS security recommendations, please visit the mSCP GitHub page listed below, which is supported by SP-800-219r1, Apple Security Guidance: macOS Security Compliance Project.

Created August 31, 2016, Updated September 07, 2023