Scripting CIS security recommendations

The nonprofit organization Center for Internet Security (CIS) regularly releases security recommendations for operating systems and software.

Their CIS Apple macOS 10.13 Benchmark is for High Sierra, but most of the recommendations are relevant to Mojave as well. They categorize their recommendations into three categories, recognizing that some will negatively impact usability and perhaps aren’t necessary in most organizations either.

The benchmark has a neat list of shell commands to test your settings and change them. The best way to understand the recommendations is by flipping through them, reading the reasoning behind them and trying the commands.

The latest CIS macOS Benchmark is still relevant.

Jamf has, in cooperation with CIS, created scripts to test and configure the recommendations. These were updated by Eirin McDonald in January 2019 for the latest set of recommendations, and can be found on the Jamf GitHub.

A good way to use these is by selecting the particular settings that work well and are relevant in your organization. Then make your own custom scripts and profiles, using what Jamf has supplied as a reference, implementing them in a targeted manner. Some are very useful as part of an initial configuration script.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s