Skip to main content
chmod PayloadType PrinterSharing Handoff AuthorizationRight
false scutil enabled write FullDiskAccess
minLength autopkg TCC sudo LoggingEnabled
TouchID loginwindow STIG Microphone com.apple.security
read iCloud SocketFilter maxFailedAttempts ApplicationFirewall
disabled write kextload ScreenSharing quarantine
pwpolicy CAC baseline STIG com.apple.Terminal
OTA Bluetooth PayloadUUID DisableGuestAccount pmset
com.apple.SystemPolicy PlistBuddy iCloud historyCount RemoteManagement
ScreenSaverDelay FaceID PIV AppNap WindowServer
APFS mdmclient sudo SIP dscl
FindMy hdiutil defaults nvram com.apple.loginwindow
loginwindow WindowServer AirDrop ContentFilter LaunchAgent
CMMC Accessibility payload enabled codesign
CryptoTokenKit chmod remediate FileSharing hdiutil
Sidecar required nvram systemsetup payload
PacketTunnel DFU LaunchAgent SystemUIServer ARDAgent
profiles SSO Sidecar false PayloadUUID
security FaceID mSCP TouchID lockoutDuration
com.apple.screensaver 800-53 PayloadContent InternetSharing dscl
osascript AuthorizationRight VPP ScreenSharing LoginItem
Volume SocketFilter PlistBuddy Handoff BluetoothSharing
ditto allowed 800-53 Microphone com.apple.Safari
InstallApplication ASM PayloadContent quarantine TouchID
PIV DFU FindMy AllowedApplications maxFailedAttempts
SecureBoot com.apple.security fdesetup networksetup spctl
FirewallEnabled declaration networksetup com.apple.mail 800-53
PrinterSharing mobileconfig benchmark profiles SCEP
minLength CIS diskutil SecureBoot payload
FileSharing OAuth networksetup RemoveApplication MDM
DisableGuestAccount Keychain SecureBoot CIS MDM
Sidecar SecureBoot SCEP sudo ConfigurationProfile
ASM XProtect sudo 800-53 SecKeychain
STIG requireAlphanumeric 800-171 codesign required
SSHEnabled 800-53 FileSharing xattr UniversalControl
AppleSilicon ConfigurationProfile Notarization SIP kextunload
declaration Entitlements SecKeychain sudo PayloadUUID
APFS read nvram CAC security
InstallApplication Handoff nvram iCloud CAC
Firewall CIS 800-53 kextload Gatekeeper
Hardened Runtime launchctl TouchID CAC com.apple.security
diskutil AuthorizationRight FindMy PlistBuddy firmwarepasswd
RequirePassword Notarization scutil LoginwindowText translocation
OAuth com.apple.security historyCount AuthorizationRight com.apple.SystemPolicy
Gatekeeper FirewallEnabled com.apple.Terminal write DDM
PayloadContent networksetup NSGlobalDomain spctl idleTime
BlockedApplications write com.apple.finder STIG ScreenSaverDelay
Ethernet LaunchAgent SSHEnabled iCloud PasswordPolicy
PowerNap DDM AirDrop hdiutil Entitlements
SystemPolicy Gatekeeper diskutil disabled allowed
OTA ditto DirectoryService codesign autopkg
munki sandbox LDAP LoginwindowText PayloadUUID
Handoff PrivacyPreferences nvram TCC payload
munki csrutil InternetSharing DEP /var/db
FileSharing launchctl chmod enabled com.apple.loginwindow
historyCount FileSharing RecoveryOS LoggingEnabled 800-171
expirationDays PrinterSharing StartupItem RemoteLogin com.apple.finder
sudo fdesetup AppNap /System/Library InternetSharing
DDM PlistBuddy historyCount quarantine OAuth
networksetup Hardened Runtime PasswordPolicy Continuity com.apple.SystemPolicy
MACE App Icon

M.A.C.E.

macOS Advanced Compliance Editor

Build, customize, audit, and deploy macOS security baselines

💬 Join us in #mace-app on Mac Admins Slack
$|

No Command Line Required

Visual interface for creating and managing compliance baselines. Built with SwiftUI for a fast, native macOS experience.

Create

All-in-One Workflow

Create, customize, audit, and export from a single app. Browse 800+ security rules with powerful search and filtering.

.mobileconfig

MDM-Ready Exports

Generate deployment-ready profiles for Jamf, Intune, and more. Export to mobileconfig, plist, DDM, and signed profiles.

Ready to Simplify macOS Compliance?

Download MACE for free and start building your security baselines today.