NIST Finalizes macOS Security Guidance

No operating system is immune to threats and a thorough endpoint security strategy accommodates the requirements for each one. Towards that end, the National Institute of Standards and Technology (NIST) has published the final version of its guidance on securing macOS endpoints.

NIST SP 800-219 provides system administrators, security professionals, security policy authors, information security officers, and auditors with resources to secure and assess macOS desktop and laptop system security in an automated way. Instead of having to produce a new guidance document for each macOS release, NIST will focus on continuously curating and updating the information in one format as part of the open source macOS Security Compliance Project.

Based on the collaboration between NIST, NASA, the Defense Information Systems Agency, and Los Alamos National Laboratory, the goal of the mSCP is to simplify the macOS security development cycle by reducing the amount of effort required to implement security baselines, NIST says.

NIST uses security baselines to refer to “groups of settings used to configure a system to meet a target level or set of requirements or to verify that a system complies with requirements.” The project is intended to help IT and security staff create customized security baselines of technical security controls by leveraging a library of rules, with each rule mapped to requirements from security standards, regulations, or frameworks, NIST says in the guidance document.

The mSCP provides scripts that can be used with baselines to create scripts and profiles for configuring macOS; generate a mapping between security standards, regulations, and frameworks; produce human-readable documentation in a variety of formats; customize existing baselines; and generate Security Content Automation Protocol (SCAP) content for use in automated security compliance scans.

Security baselines and associated rules for configuring and managing macOS endpoint devices can be found on mSCP’s GitHub page. Organizations should take a risk-based approach for selecting the appropriate settings and defining values that consider the context under which the baseline will be utilized, NIST says.

Make it Easier to Upgrade

Agencies and organizations typically delay deploying a new macOS release because they are waiting for guidance. The mSCP is intended to provide guidance on the security features in new operating system releases at the earliest availability.

Generally, the technical security settings in macOS do not drastically change from release to release, with only a handful of new settings being introduced. By pursuing a rules-based approach, mSCP rules that remain applicable can be reused and incorporated into guidance for the latest macOS version. This enables quicker adoption of new security features that are not offered in prior versions of macOS, NIST says.
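The rules-based approach described above, as an added example that is not the mSCP's own code or rule format: a small Python model of a rule library in which a baseline is selected by tag, mapped back to framework controls, and carried forward to a new macOS release. The rule ids, tags, version lists and control assignments are constructed for illustration.

```python
# Constructed rule library: ids, tags, control assignments and OS version
# lists are illustrative and are not copied from the mSCP repository.
RULES = [
    {"id": "example_screensaver_lock", "tags": {"moderate", "high"},
     "controls": ["AC-11"], "os": {"12", "13"}},
    {"id": "example_disk_encryption", "tags": {"moderate", "high"},
     "controls": ["SC-28"], "os": {"12", "13"}},
    {"id": "example_legacy_sharing_off", "tags": {"high"},
     "controls": ["AC-17", "CM-7"], "os": {"12"}},
    {"id": "example_new_feature_on", "tags": {"moderate", "high"},
     "controls": ["CM-6"], "os": {"13"}},
]


def build_baseline(rules, tag, os_version):
    """Select the rules that carry `tag` and apply to `os_version`."""
    return sorted(r["id"] for r in rules
                  if tag in r["tags"] and os_version in r["os"])


def control_mapping(rules, baseline):
    """Invert rule -> controls into control -> rules for one baseline."""
    mapping = {}
    for rule in rules:
        if rule["id"] in baseline:
            for control in rule["controls"]:
                mapping.setdefault(control, []).append(rule["id"])
    return {c: sorted(ids) for c, ids in sorted(mapping.items())}


def carry_forward(rules, tag, old_os, new_os):
    """Show which baseline rules are reused, retired or new in a release."""
    old = set(build_baseline(rules, tag, old_os))
    new = set(build_baseline(rules, tag, new_os))
    return {"reused": sorted(old & new),
            "retired": sorted(old - new),
            "added": sorted(new - old)}


if __name__ == "__main__":
    baseline = build_baseline(RULES, "moderate", "13")
    print("baseline:", baseline)
    print("mapping:", control_mapping(RULES, baseline))
    print("12 -> 13:", carry_forward(RULES, "high", "12", "13"))
```

Only the rules under "added" and "retired" need fresh review when the new release ships; everything under "reused" keeps its existing control mapping.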
