Monitor and Enforce Your Organization's Compliance Baseline Requirements for macOS

Jamf Trusted Access Solution Guide for Business
Solution
Application
Content Type
Technical Documentation
Solution Guide
Utilities & Services
ft:locale
en-US

Cybersecurity benchmarks, such as the Center for Internet Security (CIS) benchmark for macOS, are frameworks that provide information security teams a checklist of security standards.

The Jamf Trusted Access solution prescribes these tools that empower you to continuously monitor and enforce compliance requirements to meet your organizational compliance standards:

Use the macOS Security portal to monitor your organization's macOS computers against common security standards. To enforce your compliance baseline, use the Jamf Compliance Editor app to generate configuration profiles that match your organization's compliance rules and distribute them with your UEM or MDM solution.
Compliance baseline reporting within Jamf Protect is an essential tool for verifying that your organization meets its security benchmark requirements, enhancing security workflows, addressing weak points, and ensuring compliance with regulatory bodies. By utilizing compliance baseline reporting, you gain high-level, categorical, and individual-level insights into the compliance status of each Center for Internet Security (CIS) and Jamf-authored rule for your macOS devices. This proactive approach strengthens your organization's trusted access framework by ensuring that only secure and compliant devices can access sensitive data.
Note:

Jamf Protect presently reports only on rules authored by CIS or Jamf.

Jamf Protect does not report on every CIS baseline rule to improve system performance. Refer to the latest CIS benchmark for a full list of recommended rules.

  1. In the macOS Security portal, add the compliance baseline feature to your plan and select which baseline rules apply to your organization.

  2. Create a corresponding project in Jamf Compliance Editor using a template that includes CIS level I or II benchmark settings.

  3. Upload the project files to Jamf Pro, and then distribute them to a smart computer group that includes all computers with Jamf Protect installed.