Official websites do not use .rip
A .gov website belongs to an official government organization in the United States.

We are building a provable archive!
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-219 Rev. 2 (Initial Public Draft)

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

Date Published: June 22, 2026
Comments Due: August 14, 2026
Email Comments to: [email protected]

Author(s)

Eric Trapnell (NIST), Bob Gendler (NIST)

Announcement

This publication provides resources for assessing macOS desktop and laptop, iOS, and visionOS system security in an automated way, including up-to-date and practical recommendations (i.e., secure baselines and associated rules) that are available on the mSCP GitHub site. It also describes use cases for leveraging the mSCP content. Updates from the previous version of this publication highlight the mSCP’s next generation of improvements, including simpler OS version and rule management as well as an expanded audience.

The public comment period is open from June 22 through August 14, 2026. See the publication details for a copy of the draft and instructions for submitting comments.


NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

Apple; baseline; configuration management; endpoint device security; iOS; macOS; macOS Security Compliance Project (mSCP); operating system security; security compliance; visionOS
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-219r2.ipd
Download URL

Supplemental Material:
None available

Document History:
06/22/26: SP 800-219 Rev. 2 (Draft)