Compliance Baseline Summary
- Last UpdatedJan 18, 2024
- 4 minute read
- Compliance Baseline Score
- The compliance baseline score delivers a point-in-time grade and a percentage change over the last month to determine positive or negative trends in your organization's progress towards achieving full compliance with its baseline.
- Compliance Summary
- Compliance summary lists computer and plan information to ensure compliance baseline reporting configurations are enabled for your organization.
- Compliance Status by Category
- Compliance status by category provides information about each element of your organization's security by sorting compliance progress by baseline rule category.
- Baseline Rules
- The baseline rules table provides visibility for the the pass or fail state of each rule in your baseline that allows for fast remediation when necessary.
The Baseline page allows you to view and filter rules by category, CIS level, and status (enabled or disabled). Each rule also contains a bar graph that shows the overall compliance status for computers in your organization. You can export a CSV report of your current compliance status by clicking Download Report.
- Fail (Orange)—The total number of computers not configured with the given setting appropriately.
- Pass (Green)—The total number of computers configured with the given setting appropriately to meet the compliance requirement.
- Unknown (White)—The total number of computers with an unknown compliance status, such as when the macOS version does not support the configuration.
- Install Updates, Patches, and Additional Security Software—
Monitors software and application update settings to ensure the most recent versions are installed.
- System Settings—
Monitors macOS security tool updates and miscellaneous security recommendations from Jamf.
- Logging and Auditing—
Monitors security audit settings to ensure they are enabled.
- Network Configurations—
Monitors Wi-Fi and server settings.
- System Access, Authentication, and Authorization—
Monitors macOS settings related to file system access, passwords, keychains, and authentication.
- Applications—
Monitors the settings and usage of the Finder, Safari, and Terminal.
To learn more about a rule, you can click it to view a description, a list of status updates from computers, and the CIS reference ID. For more information related to the Apple OS benchmarks for security rules see the CIS Apple macOS Benchmarks site.
Jamf Protect does not report on every CIS baseline rule to improve system performance. Refer to the latest CIS benchmark for a full list of recommended rules.
Baseline rules that correlate to the Center for Internet Security (CIS) benchmarks for macOS are tagged and categorized into two levels:
- CIS Level 1—
Security rules that are practical and not detrimental to a computer's performance or user experience.
- CIS Level 2—
Includes all level 1 rules in addition to advanced rules that may impact computer performance and user experience.
Baselines rules with the Jamf tag include security recommendations from Jamf and provide additional visibility into macOS security.
Current Jamf rules include the following:
Malware Removal Tool daemon (MRTd service) is running
Malware Removal Tool definitions are up to date
XProtect Signature definitions are up to date