loginwindow Gatekeeper SIP iCloud required

STIG softwareupdate MACE DirectoryService launchctl

sandbox /Library/Preferences ditto DisableGuestAccount systemsetup

InternetSharing read com.apple.dock munki pwpolicy

/Library/Preferences RestrictedSoftware ScreenRecording LoggingEnabled read

SCEP OIDC MACE com.apple.mail com.apple.security

profiles CAC RestrictedSoftware PrinterSharing SmartCard

killall PowerNap Bootstrap expirationDays systemsetup

PIV scutil codesign FirewallEnabled CIS

Gatekeeper AuthorizationDB nvram remediate PrinterSharing

jamf softwareupdate ditto Gatekeeper CIS

mobileconfig SIP jamf StealthMode Camera

SecureToken pmset /usr/bin SCEP diskutil

VPN systemsetup requireAlphanumeric Ethernet MACE

compliant StealthMode CIS idleTime systemsetup

hdiutil FindMy FaceID defaults ContentFilter

Entitlements ConfigurationProfile FileSharing BlockedApplications 800-171

security SecureBoot Kerberos PacketTunnel LDAP

FaceID 800-53 com.apple.Safari FirewallEnabled chmod

com.apple.Safari SecureEnclave OTA PasswordPolicy RemoteManagement

AirDrop /var/db scutil security required

WindowServer ConfigurationProfile expirationDays FileSharing PasswordPolicy

mobileconfig munki NSGlobalDomain osascript networksetup

Rosetta PrinterSharing hdiutil RemoveApplication AppleSilicon

AppNap /var/db enforced benchmark read

PrivacyPreferences MRT fdesetup sudo Firewall

benchmark DDM SecureBoot PrivacyPreferences MDM

ApplicationFirewall AuthorizationDB lockoutDuration Firewall SocketFilter

Keychain kernel_task requireAlphanumeric com.apple.SystemPolicy com.apple.Safari

SecKeychain chmod com.apple.finder Hardened Runtime compliant

Sidecar NSGlobalDomain com.apple.finder SIP nvram

RecoveryOS munki sandbox payload CAC

RestrictedSoftware ASR DirectoryService WindowServer minLength

Gatekeeper minLength MRT chown codesign

PlistBuddy PayloadUUID Microphone true BlockAllIncoming

systemsetup STIG scutil RemoveApplication 800-171

STIG defaults APFS osascript audit

PlatformSSO profile /usr/bin com.apple.loginwindow fdesetup

com.apple.TCC OAuth Gatekeeper SecureBoot remediate

requireAlphanumeric systemsetup quarantine com.apple.TCC Gatekeeper

sudo MRT AllowedApplications com.apple.security AuthorizationDB

AppNap FirewallEnabled profile Volume TimeMachine

TouchID Notarization lockoutDuration RemoteManagement Continuity

ASR DisableGuestAccount Camera AuthorizationRight pmset

OpenDirectory SSHEnabled PrinterSharing loginwindow XProtect

com.apple.TCC fdesetup 800-53 RequirePassword ApplicationFirewall

PIV Microphone OIDC ScreenSaverDelay mdmclient

minLength sudo dscl FileSharing DDM

PowerNap com.apple.Terminal sudo LoggingEnabled APFS

systemsetup FirewallEnabled Gatekeeper SecKeychain nvram

ApplicationFirewall benchmark askForPassword AirDrop osascript

Notarization MACE munki PacketTunnel SocketFilter

SecKeychain SecureBoot Camera compliant APFS

networksetup LoginwindowText StealthMode pwpolicy RequirePassword

OAuth SystemPolicy false MDM mSCP

mSCP iCloud TouchID ConfigurationProfile OTA

requireAlphanumeric SecKeychain com.apple.screensaver Firewall /Library/Preferences

SocketFilter hdiutil com.apple.Terminal com.apple.loginwindow LoginwindowText

XProtect SecKeychain AuthorizationDB dscl Keychain

AllowedApplications FindMy launchctl LoginwindowText MDM

M.A.C.E.

macOS Advanced Compliance Editor

Build, customize, audit, and deploy macOS security baselines

Get Started Download

No Command Line Required

Visual interface for creating and managing compliance baselines. Built with SwiftUI for a fast, native macOS experience.

Create

All-in-One Workflow

Create, customize, audit, and export from a single app. Browse 500+ security rules with powerful search and filtering.

.mobileconfig

✓✓✓

MDM-Ready Exports

Generate deployment-ready profiles for Jamf, Intune, and more. Export to mobileconfig, plist, DDM, and signed profiles.

M.A.C.E.

No Command Line Required

All-in-One Workflow

MDM-Ready Exports

See MACE in Action

Main Menu

Ready to Simplify macOS Compliance?