-
Notifications
You must be signed in to change notification settings - Fork 208
Vendor Attribution
The following vendors have contributed to or implemented various portions of the macOS Security Compliance Project in their products.
Product and/or vendor acknowledgement does not constitute recommendation or endorsement by the National Institute of Standards and Technology.
Apple - Apple Professional Services
Center for Internet Security - CIS macOS Benchmark
"By contributing our secure configuration expertise to the NIST macOS Security Compliance Project, we are supporting our mission in making the connected world a safer place by promoting timely, consistent macOS configuration security best practices which will help people, businesses, and governments better protect themselves against pervasive cyber threats." — Center for Internet Security (CIS)
Jamf - Jamf Compliance Editor
"By implementing automated monitoring and enforcement of the compliance standards published by the NIST Special Publication 800-219 (macOS Security Compliance Project), Jamf easily helps organizations maintain OS compliance of the latest macOS releases according to industry recognized hardening benchmarks." — Jamf
Mosyle - Mosyle Business
"macOS hardening & compliance is a foundational requirement for all organizations using Apple as they work to minimize risk. It would take countless labor hours if each company had to dissect the operating system and applications within their environment to achieve this goal. The excellent work by NIST macOS Security compliance project and other trusted standards provide frameworks and methodologies to alleviate the burden of individually identifying each setting and feature’s “safe” configuration. As macOS increases in capabilities with each version, so does the library of controls these frameworks address. These public projects continue to grow in scale and value through the collaborative effort put forth by their authors. We rely on these resources to provide our customers with easy to implement, standards-based security controls for each entity’s hardening and compliance needs." — Mosyle
Tenable
"Tenable, Inc. automated the conversion of https://github.com/usnistgov/macos_security YAML rules into the .audit format using Python and YAML libraries. Programmatically approaching this conversion allows for faster future releases, consistency, and maintaining the integrity of the source content. Because the YAML content is all command driven, this is converted to Tenable’s CMD_EXEC check type for use with the Unix plugin. The YAML rules have a “tags” section that was used to create unique audit profiles related to common frameworks." — Tenable
Naval Information Warfare Center (NIWC) Atlantic: SCAP Compliance Checker (SCC)
"The SCC development team at NIWC Atlantic assisted in developing and troubleshooting SCAP content for the macOS Security Compliance Project. NIWC Atlantic tests the content using SCC, and bundles the content released by the macOS Security Compliance Project with SCC to promote security automation on MacOS."
Qmulos
"Qmulos Apple Compliance leverages the NIST macOS Security Compliance Project to bring secure configuration assessment data to our flagship product Q-Compliance, which is built on top of the leading big data platform, Splunk. Qmulos products provide the ability to continuously assess in near real-time and report against multiple frameworks like NIST 800-53, CMMC, CIS and many more. We are the only platform enabling Converged Continuous Compliance® enterprise wide."
Addigy
"Using the macOS Security Compliance Project, Addigy facilitates a seamless approach to implementing, monitoring, and enforcing the most recent CIS and NIST benchmarks. We ardently advocate for the notion that simplifying the journey toward device compliance is crucial in bolstering global security and mitigating cyber threats."