AppleSilicon InstallApplication DEP SAML PayloadUUID

fdesetup ActiveDirectory com.apple.screensaver ScreenSaverDelay quarantine

GlobalPreferences mdmclient maxFailedAttempts FaceID com.apple.dock

nvram Sidecar kextunload ScreenRecording networksetup

maxFailedAttempts BlockAllIncoming csrutil com.apple.SystemPolicy RemoteManagement

STIG networksetup write pmset profiles

chmod read networksetup DisableGuestAccount DDM

csrutil LoginwindowText launchctl SecKeychain CMMC

AuthorizationRight com.apple.security SystemUIServer PrinterSharing com.apple.TCC

MACE BluetoothSharing /Library/Preferences StealthMode DDM

read RestrictedSoftware SmartCard ConfigurationProfile required

networksetup iCloud PayloadUUID ASM MCX

PacketTunnel com.apple.finder PrinterSharing AppleSilicon APFS

SecKeychain remediate InternetSharing 800-171 kextload

munki minLength WiFi MRT systemsetup

MDM Notarization Gatekeeper audit benchmark

FirewallEnabled loginwindow SecureBoot Notarization FileVault

Notarization Ethernet maxFailedAttempts sudo UniversalControl

ScreenRecording codesign Hardened Runtime ScreenSaverDelay AppNap

OAuth TCC AuthorizationDB launchctl jamf

CMMC MDM quarantine com.apple.security RemoteLogin

Gatekeeper ditto osascript defaults com.apple.Safari

RestrictedSoftware NSGlobalDomain spctl SCEP mSCP

plist FileVault csrutil FindMy RestrictedSoftware

FirewallEnabled hardening maxFailedAttempts dscl PrivacyPreferences

PrinterSharing pmset Gatekeeper nvram TouchID

allowed Entitlements com.apple.Safari SecKeychain requireAlphanumeric

DEP BlockedApplications autopkg SocketFilter PrinterSharing

Rosetta ContentFilter FaceID AllowedApplications /System/Library

required Sidecar historyCount Gatekeeper diskutil

WindowServer nvram killall MDM MACE

PasswordPolicy VPP 800-171 networksetup PayloadContent

Hardened Runtime hdiutil Microphone AllowedApplications SecureBoot

APFS csrutil systemsetup DEP softwareupdate

kernel_task Sidecar diskutil Accessibility com.apple.SystemPolicy

ScreenRecording PowerNap com.apple.security kernel_task Firewall

required PasswordPolicy AllowedApplications Rosetta autopkg

com.apple.finder com.apple.Safari sudo codesign systemsetup

fdesetup sandbox RestrictedSoftware ConfigurationProfile ManagedPreferences

Handoff PrinterSharing InternetSharing Kerberos PayloadType

InstallApplication RequirePassword sudo read SIP

historyCount ditto read com.apple.loginwindow FirewallEnabled

mdmclient plist chmod FullDiskAccess SecKeychain

AirDrop DFU com.apple.loginwindow SystemUIServer diskutil

ScreenSharing declaration spctl com.apple.screensaver required

PacketTunnel killall TCC com.apple.Safari maxFailedAttempts

mSCP Volume T2 PlistBuddy SecureBoot

DFU DEP TCC FileVault OAuth

SCEP SAML Firewall SecKeychain nvram

OTA PasswordPolicy SSHEnabled com.apple.Terminal Notarization

lockoutDuration munki xattr benchmark read

FaceID CIS plutil SecureBoot jamf

CryptoTokenKit Firewall com.apple.SystemPolicy FileSharing StartupItem

plist CIS pmset SecureBoot baseline

800-53 SecureToken kextunload ManagedPreferences spctl

DDM SecKeychain networksetup read remediate

InstallApplication AppleSilicon Bluetooth quarantine WindowServer

com.apple.SystemPolicy Gatekeeper SIP required MACE

Notarization RecoveryOS Spotlight AirDrop sandbox

sudo PlistBuddy /usr/bin /var/db defaults

M.A.C.E.

macOS Advanced Compliance Editor

Build, customize, audit, and deploy macOS security baselines

Get Started Download

No Command Line Required

Visual interface for creating and managing compliance baselines. Built with SwiftUI for a fast, native macOS experience.

Create

All-in-One Workflow

Create, customize, audit, and export from a single app. Browse 500+ security rules with powerful search and filtering.

.mobileconfig

✓✓✓

MDM-Ready Exports

Generate deployment-ready profiles for Jamf, Intune, and more. Export to mobileconfig, plist, DDM, and signed profiles.

M.A.C.E.

No Command Line Required

All-in-One Workflow

MDM-Ready Exports

See MACE in Action

Main Menu

Ready to Simplify macOS Compliance?