Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-179 Rev. 1 (Initial Public Draft)

Guide to Securing Apple macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist

Date Published: October 2018
Comments Due: November 16, 2018 (public comment period is CLOSED)
Email Questions to:

Planning Note (06/24/2022): Work on this draft has been discontinued. See NIST SP 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP).


Mark Badger (NIST), Murugiah Souppaya (NIST), Mark Trapnell (NIST), Eric Trapnell (NIST), Dylan Yaga (NIST), Karen Scarfone (Scarfone Cybersecurity)


In today’s computing environment, the security of all computing resources, from network infrastructure devices to users’ desktop and laptop computers, is essential. There are many threats to users’ computers, ranging from remotely launched network service exploits to malware spread through emails, websites, and file downloads. When an IT security configuration checklist (e.g., hardening or lockdown guide) is applied to a system in combination with trained system administrators and a sound and effective security program (which includes a robust patch management program), a substantial reduction in vulnerability exposure can be achieved.

NIST invites comments on Draft Special Publication (SP) 800-179 Revision 1, Guide to Securing macOS 10.12 Systems for IT Professionals: A NIST Security Configuration Checklist. This publication assists IT professionals in securing macOS 10.12 desktop and laptop systems within various environments. It provides detailed information about the security features of macOS 10.12 and security configuration guidelines. The publication recommends and explains tested, secure settings with the objective of simplifying the administrative burden of improving the security of macOS 10.12 systems in three types of environments: standalone, managed, and specialized security-limited functionality.

You are strongly encouraged to submit comments using the comment template.



Apple OS X; checklist; endpoint device security; hardening guide; host security; macOS; mobile device security; operating system security; secure configuration
Control Families

None selected


Draft SP 800-179 Rev. 1 (pdf)

Supplemental Material:
Comment template (xlsx)
Supplemental Content (GitHub)

Related NIST Publications:
SP 800-70 Rev. 4
IR 7275 Rev. 4
IR 7692
ITL Bulletin

Document History:
10/19/18: SP 800-179 Rev. 1 (Draft)