Intune Stuff | The Community place for Microsoft Intune, Intune Suite, Autopilot, macOS Management, Copilot for Security.

Create Compliance Baselines with Jamf Compliance Editor to Master Security Standards

by | Dec 5, 2024 | Intune, MacOS, Microsoft, Security, Top Stories | 0 comments

Hi Community,

If you need to create compliance baselines, you probably know that this is not an easy task. With the Compliance Editor by Jamf, this task becomes a lot easier. The tool is completely free to use. It only runs on macOS, so there is no Windows version available.

Jamf Compliance Editor is a tool that provides macOS, iOS, iPadOS, and visionOS system administrators with an easy way to establish and manage compliance baselines on their fleet of Apple devices.

This tool is built on the foundations of the macOS Security Compliance Project, hosted by the United States government agency NIST in its GitHub repo.

This application features:

  • Easily selectable benchmark/baselines for customization
  • Support for all variations of benchmark/baselines currently offered by the macOS Security Compliance Project.
  • Support for major macOS, iOS, iPadOS, & visionOS version(s)
  • Modification of organization-defined values (ODV) from the core compliance project specifications
  • Local storage of your custom benchmark(s) for editing later
  • An easy-to-use UI that eliminates the need for complicated scripting
  • One-click guidance creation that includes:
    • PDF, Excel, HTML, and Adoc for audit review with option to add branding
    • (macOS only) Shell script (zsh) that can audit and remediate endpoint
    • All configuration profiles needed to be uploaded to MDM server
    • (macOS only) Jamf Pro Extension Attributes that will submit status of benchmark/baseline of endpoints

Here is the link to the macOS Security Compliance Project.

Regulated industries and government agencies that handle sensitive or classified data are required by their InfoSec teams to harden and secure endpoints as much as possible. Other organizations may not need the highest security possible, but may still want to achieve a custom level of security they can track and enforce. Staying on top of all the changes and features in every macOS, iOS, iPadOS, or visionOS release is cumbersome and time-consuming, and falling behind may lead to data leaks or exfiltration.

Various government entities and organizations have provided guidance that details settings/controls that should be reviewed when developing security compliance policies. These are known as security benchmarks. A benchmark is a set of best-practice cybersecurity standards for a range of IT systems and products.

Your organization may choose to develop its own security benchmark or may be required to adopt one of the well-known security benchmarks or baselines including CIS, NIST 800-53 & 800-171, DISA STIG, CNSSI, indigo, or CMMC.

The tool will create a set of predefined policies which you can import into Intune.

How to use the Compliance Editor tool

Download the tool from here.

Open the tool and accept the license agreement.

Now click on Create new project.

Select the macOS version you want to build your compliance baseline on. In my case I will select Sequoia.

Save your project branch on your device.

Now you can select the Security Benchmark of your choice. I will opt for CIS Benchmark – Level 2.

Click OK to create.

Now you will see the different sections in which the policies are listed. You can click on a section to view all policies for that specific section.

Auditing section:

iCloud section:

macOS section:

Password Policy section:

System Setting section:

Supplemental section:

If you click Show all at the bottom, you will see all the policies in the tool. You can choose additional policies if needed. You can also search for a policy and sort by ID, name and CIS control.

You can edit the policies if you want by selecting a policy and clicking Edit.

You will also notice that some of the policies are greyed out in this template when you click Show all at the bottom; you can add them to your project simply by selecting them.

When you are done with editing or adding the different policies, click Create Guidance.

Click View project to view all created policies.

Explorer will now open.
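
Before importing the generated configuration profiles into Intune, it helps to see which settings they carry and whether any of them clash with a profile you already deploy. The following is an added example, not part of the original post or of Jamf's tooling; it assumes unsigned .mobileconfig files, and the folder passed to `load_folder` as well as the sample profile names and values are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Keys that describe a payload itself rather than a setting it enforces.
META_KEYS = {"PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion",
             "PayloadDisplayName", "PayloadDescription", "PayloadOrganization",
             "PayloadEnabled"}

def settings_in(data):
    """Yield (payload type, key, value) for each setting in one unsigned profile."""
    profile = plistlib.loads(data)  # signed (CMS-wrapped) profiles will not parse here
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<no PayloadType>")
        for key, value in payload.items():
            if key not in META_KEYS:
                yield ptype, key, value

def inventory(profiles):
    """Map (payload type, key) -> {profile name: value} across all profiles."""
    seen = {}
    for name, data in profiles.items():
        for ptype, key, value in settings_in(data):
            seen.setdefault((ptype, key), {})[name] = value
    return seen

def conflicts(seen):
    """Settings that two or more profiles define with different values."""
    return {k: v for k, v in seen.items()
            if len(v) > 1 and len({repr(x) for x in v.values()}) > 1}

def load_folder(folder):
    """Read every .mobileconfig in a folder (path is an assumption you supply)."""
    return {p.name: p.read_bytes() for p in sorted(Path(folder).glob("*.mobileconfig"))}

def sample_profiles():
    """Two constructed profiles: one 'generated', one 'already deployed'."""
    def make(settings):
        payload = {"PayloadType": "com.apple.screensaver", "PayloadVersion": 1,
                   "PayloadIdentifier": "example.screensaver",
                   "PayloadUUID": "00000000-0000-0000-0000-000000000001", **settings}
        return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                               "PayloadContent": [payload]})
    return {"generated.mobileconfig": make({"idleTime": 1200, "askForPassword": True}),
            "existing.mobileconfig": make({"idleTime": 300, "askForPassword": True})}

if __name__ == "__main__":
    for (ptype, key), values in conflicts(inventory(sample_profiles())).items():
        print(f"{ptype} / {key}: {values}")
```

To run it on real output, replace `sample_profiles()` with `load_folder(...)` pointed at the folder holding the generated profiles plus exports of the profiles you already assign.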

 


This tool can make your life a lot easier when it comes to creating baselines for a security standard.

And as always, if you feel there is something in error or you want to add something from your own experience, don’t hesitate to contact me!

 
