Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Date Published: March 13, 2023
Comments Due: April 27, 2023
Email Comments to: applesec@nist.gov
, , , ,
This draft revision of NIST SP 800-219 provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way.
This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily. The draft also gives an overview of the resources available on the project’s GitHub site, which provides practical, actionable recommendations in the form of secure baselines and associated rules and is continuously updated to support each new release of macOS.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-219 Rev. 1 (Draft) (DOI)
Local Download
Supplemental Material:
mSCP GitHub site (web)
mSCP project documentation (web)
Document History:
03/13/23: SP 800-219 Rev. 1 (Draft)
Security and Privacy
configuration management; controls assessment; security automation; security controls
Technologies
operating systems
Applications
enterprise