March 29, 2019

Securing macOS NIST Compliance for Every New Benchmark

Apple frequently reworks its operating system (macOS) to provide more convenience and security for their users. The National Institute of Standards and Technology (NIST), must likewise update their compliance benchmarks for each new version of macOS. However, it takes time for NIST security configuration checklists to be updated to match new versions of macOS.

For example, the NIST macOS 10.13 benchmark document was released in August of 2018—but, at the time of this writing, Apple’s OS is on version 10.14.3 (Mojave).

The question is, how can organizations ensure that they meet or, better yet, exceed NIST computer security standards quickly and easily?

Why You Should Go Beyond NIST’s Apple OS x 10.13 Benchmarks

As mentioned above, the latest macOS NIST computer security benchmark document is for macOS 10.13 (the High Sierra OS). This document was released in August of 2018, Mojave was released September 24, 2018 (according to Tech Radar). In other words, the NIST compliance standards for macOS 10.13 were not current a month before the document was even released.

Because it takes so long for NIST compliance standards (as well as other cybersecurity guidance documents) to catch up to the ever-changing platforms they are meant to help you protect, it is often necessary to go above and beyond the bare minimum needed for compliance with current NIST macOS hardening measures. Proactively using security settings, tools, and policies that exceed NIST compliance requirements helps improve security and future-proof the company against potential changes to NIST benchmarks.

Securing macOS NIST Compliance for Every New Benchmark

How can you future-proof compliance with NIST benchmarks? A good starting point is to take a look at the current benchmarks from organizations such as the Center for Internet Security (CIS)—especially since NIST’s compliance benchmarks are based on CIS standards.

When checking the current benchmarks, be sure to go beyond what the NIST security configuration checklist scores to check the benchmarks that are listed, but not scored. These optional security configurations may help your organization improve its cybersecurity while future-proofing its NIST compliance.

How can following optional extra security configuration benchmarks improve compliance with future NIST computer security requirements? If a requirement that is currently labelled as “optional” or “not scored” today is changed to being a necessary security setting/control, an organization that was following the optional control won’t need to change a thing because they were already compliant.

Another strategy for achieving NIST compliance with security benchmarks is to regularly check for security vulnerabilities in the business’ network and to proactively apply fixes to them. This will often mean securing more than just the macOS devices in the network—for example, the organization may need to start running penetration tests to identify potential issues.

One benefit of regularly pen testing a network to verify NIST macOS hardening against attacks is that it can help identify major opportunities to improve cybersecurity even outside of NIST compliance measures.

Achieving NIST compliance for macOS security benchmarks is most often a matter of being persistent and proactive about applying strong cybersecurity measures and macOS security settings.

Want to learn more about macOS security and compliance with regulatory measures such as NIST’s macOS 10.13 benchmarks? Subscribe to the Kandji blog for more information about macOS security and compliance issues.

Subscribe to the Kandji Blog

kandji badge

Secure Your macOS
Fleet Today

Sign up quickly and easily using your Gmail or Microsoft Office 365 business account or a verifiable business email address.


Or