-
Notifications
You must be signed in to change notification settings - Fork 207
Generate a Baseline
The project provides the following baseline files, located in the /baselines/
folder:
-
NIST 800-53
-
macOS, iOS/iPadOS, and visionOS
-
High
800-53r5_high.yaml
-
Moderate
800-53r5_moderate.yaml
-
Low
800-53r5_low.yaml
-
-
-
DISA-STIG
-
macOS
-
DISA-STIG.yaml
-
-
iOS/iPadOS
-
iOS STIG
ios_stig.yaml
-
iOS STIG BYOAD
ios_stig_byoad.yaml
-
-
-
NIST 800-171
800-171.yaml
-
CIS
-
macOS
-
CIS Level 1
cis_lvl1.yaml
-
CIS Level 2
cis_lvl2.yaml
(Contains Level 1)
-
-
iOS/iPadOS
-
CIS Level 1 BYOD
cis_lvl1_byod.yaml
-
CIS Level 2 BYOD
cis_lvl2_byod.yaml
-
CIS Level 1 Enterprise
cis_lvl1_enterprise.yaml
-
CIS Level 2 Enterprise
cis_lvl1_enterprise.yaml
-
-
-
CIS Controls V8
cisv8.yaml
-
CMMC Level 1
cmmc_lvl1.yaml
-
CMMC Level 2
cmmc_lvl2.yaml
-
CNSSI 1254
-
High
cnssi-1254_high.yaml
-
Moderate
cnssi-1254_moderate.yaml
-
Low
cnssi-1254_low.yaml
-
-
indigo (iOS Only)
-
Base
indigo_base.yaml
-
High
indigo_high.yaml
-
❗
|
Never work off the main branch, always git checkout one of the OS branches.
|
If you want to create your own baseline or modify an existing baseline, the generate-baseline.py
found in the scripts folder will generate a {baseline}.yaml
file containing all the rules corresponding with the provided tag (baseline). This {baseline}.yaml
is required to run the generate-guidance.py
script.
➜ macos_security git:(sequoia) ./scripts/generate_baseline.py -l
800-171
800-53r4_high
800-53r4_low
800-53r4_moderate
800-53r5_high
800-53r5_low
800-53r5_moderate
800-53r5_privacy
US_HIPAA
all_rules
arm64
cis_lvl1
cis_lvl2
cisv8
cmmc_lvl1
cmmc_lvl2
cnssi-1253_high
cnssi-1253_low
cnssi-1253_moderate
i386
inherent
manual
n_a
none
permanent
srg
stig
supplemental
➜ macos_security git:(sequoia) ./scripts/generate_baseline.py -k 800-53r5_moderate
➜ macos_security git:(sequoia) ls -dn build/baselines/*
-rw-r--r-- 1 501 20 6350 Jan 19 13:30 build/baselines/800-53r5_moderate.yaml