CIS, CMMC, DISA logotypes over macOS 26 icon and Macbook Pro

macOS Tahoe Compliance and Addigy Benchmarks

By Joel Cedano on September 16, 2025

Did you know that Addigy makes it easy to ensure a macOS 26 Tahoe environment includes full compliance?

As part of Device Compliance features, Addigy provides pre-built benchmarks to test and enforce devices against Center for Internet Security (CIS), Cybersecurity Model Maturity Certification (CMMC), Defense Information System Agency (DISA) and National Institute of Standards and Technology (NIST) guidance.

As an Addigy customer, these benchmarks can be deployed in just a few seconds, and the Compliance section of the Addigy catalog includes them for immediate review.

Compliance benchmarks

Which benchmarks should I use?

CIS is the right starting point for most organizations that want a broadly recognized macOS 26 Tahoe hardening baseline with strong coverage and minimal end-user friction.

CMMC fits U.S. Department of Defense contractors and subcontractors that handle FCI/CUI and need controls aligned with certification requirements.

DISA STIG is intended for DoD and many federal environments that must meet strict STIG configuration and reporting standards on managed Macs.

NIST is best for teams aligning to SP 800-53 or 800-171 control families and needing a rigorous, policy-driven baseline that maps cleanly across multiple frameworks.

Where are the Pre-built Benchmarks Generated From?

Pre-built benchmarks are derived directly from CIS and NIST guidance, and Addigy leverages the open-source macOS Security Compliance Project for implementation.
The project is actively maintained and widely used, and NIST’s vendor attribution page highlights Addigy’s use of the project to implement, monitor, and enforce current CIS and NIST benchmarks.

All benchmark rules are open source and regularly tested, offering strong industry-recommended security posture coverage for macOS environments.
Addigy continuously monitors the specifications for changes so assigned rules stay current without additional administrative effort.

Can I build my own Compliance Benchmarks?

Addigy makes creating your own rules and benchmarks easy to incorporate, and your custom benchmarks can be assigned to the same policies. We recommend using the official rules when possible due to any updates that may occur in the future, but adding your specific needs. 

Should I Select Monitor and Remediate or Monitor-Only?

Monitor and Remediate: will enforce compliance on the device by running scripts or installing profiles as needed to ensure that each device passes the benchmark. Most customers prefer this, as it removes the need for a human admin to be involved. 

Monitor-Only: will run the same tests but will not attempt to fix any issues. Reports are available to see which rules passed or failed for each device.

Need more assistance? Reach out to the Addigy Support team. Or, if you’re interested in learning more about Addigy, get a free trial today.

Joel Cedano

Joel Cedano

Senior Product Manager at Addigy

Similar Posts

OS 26 icon with Apple devices on the background

Deferring OS Updates with Addigy

With macOS 26 releasing September 15, 2025, organizations may not be ready to adopt immediately. This guide explores how to defer OS updates and upgrades across macOS, iOS, and iPadOS using Addigy—helping IT teams manage timing, reduce disruption, and maintain security.

Rocket taking off from text reading "macOS Sonoma."

macOS Sonoma is Here

Attention IT professionals and MSPs! The big day is finally here: macOS Sonoma is live and in the…

Illustration of a user with an Apple device

Randomized MAC Addresses: What IT Admins Need to Know

Randomized MAC addresses enhance privacy on Apple devices but pose challenges for IT teams managing secure networks. As these devices join corporate systems, understanding the impact on authentication, tracking, and access control is crucial. This guide covers what MAC randomization is, how to manage it, and how to address enterprise-level issues it may cause.