macOS Sonoma Compliance and Addigy Benchmarks

Did you know that Addigy makes it easy to ensure your macOS Sonoma instance includes full Compliance? As part of our Device Compliance features, we make available a set of pre-built benchmarks to easily test and enforce your devices for Center for Internet Security (CIS) and National Institute of Standards and Technology (NIST) compliance.

As an Addigy customer, you can deploy these benchmarks in just a few seconds. The Compliance section of the Addigy catalog contains these benchmarks for your review.

Which Benchmarks Should We Use?

Every organization has specific security requirements. The Level 1 CIS set consists of over 80 rules that provide very comprehensive security, while the NIST options are even more rigid. Many customers find the full set too strict, so they often clone the original and select only those rules they need. Addigy allows you to choose the version that works best for you and allows you to modify them for your specific needs.

Where are the Pre-built Benchmarks Generated From?

The benchmarks come directly from CIS and NIST. Addigy leverages the trusted open-source resource https://github.com/usnistgov/macos_security for each implementation

Pre-built Benchmark Risks

The rules for CIS and NIST are open-source and regularly tested. They provide the best option for industry-recommended security. Furthermore, Addigy constantly monitors the spec for any changes so that the rules you assign are updated as needed. 

Other Compliance Rules

One common compliance rule of organizations includes anti-virus software for all devices. Addigy makes creating your own rules and benchmarks easy to incorporate, and your custom benchmarks can be assigned to the same policies. We recommend using the official rules when possible due to any updates that may occur in the future, but adding your specific needs. 

Should I Select Monitor and Remediate or Monitor-Only?

Monitor and Remediate will enforce compliance on the device by running scripts or installing profiles as needed to ensure that each device passes the benchmark. Most customers prefer this, as it removes the need for a human admin to be involved. 

Monitor-Only will run the same tests but will not attempt to fix any issues. Reports are available to see which rules passed or failed for each device.Need more assistance? Reach out to the Addigy Support team. Or, if you’re interested in learning more about Addigy, get a free trial today.