Generate a Baseline

John Mahlman edited this page Jun 28, 2023 · 11 revisions

The project provides the following baseline files, located in the /baselines/ folder:

  • NIST 800-53

    • High 800-53r5_high.yaml

    • Moderate 800-53r5_moderate.yaml

    • Low 800-53r5_low.yaml

  • DISA-STIG DISA-STIG.yaml

  • NIST 800-171 800-171.yaml

  • CIS Level 1 cis_lvl1.yaml

  • CIS Level 2 cis_lvl2.yaml (Contains Level 1)

  • CIS Controls V8 cisv8.yaml

  • CMMC Level 1 cmmc_lvl1.yaml (Ventura only)

  • CMMC Level 2 cmmc_lvl2.yaml (Ventura only)

  • CNSSI 1253

    • High cnssi-1253_high.yaml (Ventura only)

    • Moderate cnssi-1253_moderate.yaml (Ventura only)

    • Low cnssi-1253_low.yaml (Ventura only)

Never work off the main branch; always git checkout one of the OS branches.

If you want to create your own baseline or modify an existing one, the generate_baseline.py script in the scripts folder generates a {baseline}.yaml file containing all the rules that correspond to the provided tag (baseline). This {baseline}.yaml file is required to run the generate_guidance.py script.

Get a list of available tags

➜  macos_security git:(ventura) ./scripts/generate_baseline.py -l
800-171
800-53r4_high
800-53r4_low
800-53r4_moderate
800-53r5_high
800-53r5_low
800-53r5_moderate
800-53r5_privacy
all_rules
arm64
cis_lvl1
cis_lvl2
cisv8
cmmc_lvl1
cmmc_lvl2
cnssi-1253_high
cnssi-1253_low
cnssi-1253_moderate
i386
inherent
manual
n_a
none
permanent
stig
supplemental

Generate a new baseline

➜  macos_security git:(ventura) ./scripts/generate_baseline.py -k 800-53r5_moderate
➜  macos_security git:(ventura) ls -dn build/baselines/*
-rw-r--r--  1 501  20  6350 Jan 19 13:30 build/baselines/800-53r5_moderate.yaml
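
The steps above can be wrapped in a guard that refuses to run on main, checks the tag against the -l listing, and confirms the baseline file was written. This is an added example, not part of the project; the function name gen_baseline, the GEN override variable and the exit codes are assumptions made for illustration.

```shell
# Added example, not part of the project. Source this file from the root of a
# macos_security checkout, then run: gen_baseline 800-53r5_moderate
# GEN is an assumed override hook; the default is the path used on this page.
GEN=${GEN:-./scripts/generate_baseline.py}

# The body is a subshell "( ... )" so variables stay local and `exit` only
# ends the function, not the calling shell.
gen_baseline() (
    tag=$1
    [ -n "$tag" ] || { echo "usage: gen_baseline <tag>" >&2; exit 2; }

    # The page says never to work off main. A detached HEAD yields an empty
    # name and is refused too, since no OS branch can be confirmed.
    branch=$(git symbolic-ref --short -q HEAD) || branch=
    case $branch in
        ''|main) echo "refusing: check out an OS branch first" >&2; exit 3 ;;
    esac

    # The tag must equal one whole line of the -l listing (-F literal,
    # -x whole line), so a truncated or mistyped tag is rejected.
    if ! "$GEN" -l | grep -Fxq -- "$tag"; then
        echo "unknown tag: $tag (see $GEN -l)" >&2
        exit 4
    fi

    # Generator output goes to stderr so stdout carries only the result path.
    "$GEN" -k "$tag" >&2 || exit 5

    # The page shows the result landing in build/baselines/{baseline}.yaml.
    out=build/baselines/$tag.yaml
    [ -s "$out" ] || { echo "missing or empty: $out" >&2; exit 6; }
    echo "$out"
)
```

On success the function prints the path of the generated file, which can be passed on to the guidance step.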