This publication assists IT professionals in securing Apple OS X 10.10 desktop and laptop systems within various environments. It provides detailed information about the security features of OS X 10.10 and security configuration guidelines. The publication recommends and explains tested, secure settings with the objective of simplifying the administrative burden of improving the security of OS X 10.10 systems in three types of environments: Standalone, Managed, and Specialized Security-Limited Functionality.
See the project’s GitHub page for solutions to known issues: https://github.com/usnistgov/applesec
This document has been created for IT professionals, particularly system administrators and information security personnel (security managers, engineers, administrators, etc.) who are responsible for securing or maintaining the security of OS X 10.10 systems. Auditors and others who need to assess the security of systems may also find this publication useful. The document assumes that the reader has experience installing and administering OS X-based systems. The document discusses various OS X 10.10 security settings in technical detail.
- Specialized Security-Limited Functionality (SSLF)
The security baselines were only tested on Apple OS X 10.10.
FISMA with NIST SP 800-53 mapping
Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. NIST would appreciate acknowledgement if the document and baselines are used.
This data was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government. Pursuant to title 15 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States and are considered to be in the public domain.
Corrected link - 05/15/2017
Corrected SHA error - 3/1/2018
NIST checklist record last modified on 03/01/2018