kernel_task maxFailedAttempts AuthorizationRight Bootstrap Handoff

800-171 WindowServer mSCP T2 killall

csrutil LoggingEnabled audit nvram Gatekeeper

sandbox codesign baseline scutil TCC

plutil DEP security xattr NSGlobalDomain

ASR VPN historyCount AuthorizationRight ApplicationFirewall

codesign BluetoothSharing benchmark mobileconfig PowerNap

BlockedApplications AppNap SecKeychain AuthorizationDB loginwindow

required security networksetup StealthMode com.apple.Terminal

mSCP OIDC /Library/Preferences scutil profile

TimeMachine kernel_task BlockedApplications FindMy Rosetta

OpenDirectory Gatekeeper STIG SSHEnabled write

maxFailedAttempts STIG jamf FileVault munki

SecKeychain Gatekeeper hardening required Sidecar

PowerNap com.apple.security minLength RemoteLogin SystemUIServer

PrinterSharing FileVault allowed read LoggingEnabled

xattr RemoteLogin TouchID CryptoTokenKit BluetoothSharing

DDM AuthorizationRight /var/db osascript AppleSilicon

mSCP allowed minLength SocketFilter Handoff

askForPassword Bootstrap SecureBoot NSGlobalDomain plutil

SIP write VPP LoginItem RemoveApplication

com.apple.TCC ScreenRecording plutil scutil com.apple.loginwindow

SCEP networksetup AppleSilicon GlobalPreferences translocation

Sidecar FindMy NSGlobalDomain xattr Gatekeeper

audit StealthMode fdesetup PayloadType minLength

TCC LoginwindowText RequirePassword systemsetup TouchID

write FileSharing PayloadContent Handoff askForPassword

PrinterSharing profiles Kerberos CryptoTokenKit RestrictedSoftware

RecoveryOS compliant sudo SecureBoot false

PrinterSharing Kerberos sudo BluetoothSharing ConfigurationProfile

PayloadType Gatekeeper maxFailedAttempts SecureEnclave hdiutil

Continuity DEP PayloadType askForPassword SAML

com.apple.security fdesetup Gatekeeper firmwarepasswd com.apple.screensaver

FileVault RecoveryOS 800-171 SSO dscl

OIDC nvram fdesetup minLength askForPassword

SecureToken launchctl benchmark nvram APFS

TimeMachine MDM munki codesign pmset

Handoff profiles write com.apple.finder nvram

networksetup BluetoothSharing PrinterSharing StealthMode DEP

Firewall historyCount PayloadUUID InternetSharing InstallApplication

benchmark FileVault csrutil nvram launchctl

CIS sandbox com.apple.loginwindow osascript FirewallEnabled

SystemUIServer requireAlphanumeric RemoveApplication PrivacyPreferences SecKeychain

softwareupdate com.apple.loginwindow 800-171 SecureBoot xattr

nvram SecureBoot plist PlatformSSO minLength

SecureEnclave RestrictedSoftware /usr/bin PasswordPolicy CAC

spctl com.apple.finder PrinterSharing Accessibility TCC

SecureBoot nvram pmset ScreenSaverDelay kextunload

StealthMode AuthorizationRight SystemPolicy LoginItem ARDAgent

defaults read NSGlobalDomain autopkg munki

ABM PIV ManagedPreferences PlatformSSO FirewallEnabled

ABM CIS plutil security InstallApplication

pmset SecKeychain Kerberos ApplicationFirewall SSHEnabled

MRT Ethernet Firewall com.apple.security LaunchDaemon

PrinterSharing xattr ScreenSaverDelay pmset write

firmwarepasswd CIS Continuity InternetSharing UniversalControl

StartupItem plutil Gatekeeper remediate Camera

ContentFilter com.apple.screensaver SecureBoot chown compliant

kextload com.apple.security sudo chmod SecureEnclave

APFS expirationDays ScreenRecording audit SecureBoot

M.A.C.E.

macOS Advanced Compliance Editor

Build, customize, audit, and deploy macOS security baselines

Get Started Download

💬 Join us in #mace-app on Mac Admins Slack

No Command Line Required

Visual interface for creating and managing compliance baselines. Built with SwiftUI for a fast, native macOS experience.

Create

All-in-One Workflow

Create, customize, audit, and export from a single app. Browse 500+ security rules with powerful search and filtering.

.mobileconfig

✓✓✓

MDM-Ready Exports

Generate deployment-ready profiles for Jamf, Intune, and more. Export to mobileconfig, plist, DDM, and signed profiles.

M.A.C.E.

No Command Line Required

All-in-One Workflow

MDM-Ready Exports

See MACE in Action

Main Menu

Ready to Simplify macOS Compliance?