Apple OS X Security Configuration

Overview:

CSD is working with Apple to develop secure system configuration baselines supporting different operational environments for Apple OS X, Version 10.8, Mountain Lion, and subsequent versions. These configuration guidelines will assist organizations with hardening OS X technologies, and provide a basis for unified controls and settings for OS X workstations and for mobile system security configurations for federal agencies.

The configurations will be based on a collection of resources, including the existing NIST OS X configuration guidance, the OS X security configuration guide, the Department of Defense (DoD) OS X Recommended Settings, and the Defense Information Systems Agency (DISA) OS X Security Technical Implementation Guide (STIG). Our team is aggregating appropriately 400 initial settings, determining which settings will be included in the configuration baseline, and determining appropriate values for each included setting. As the desired configuration items are established, our team is developing shell scripts that apply the settings to an OS X 10.8 system. The settings are organized into three key baselines, which are appropriate for different environments:

• Enterprise baseline is appropriate for centrally managed, networked systems.
• Small Office Home Office baseline is appropriate for systems that are deployed remotely but need to connect to enterprise networks.
• Special Security Limited Functionality baseline is appropriate for systems where security requirements are more stringent and where the implementation of security safeguards is likely to reduce functionality.

Project Contacts:

Mr. Lee Badger
(301) 975-3176
lee.badger@nist.gov

Mr.Murugiah Souppaya
(301( 975-4102
murugiah.souppaya@nist.gov