Enabling Compliance Baseline Reporting in a Jamf Protect Plan
- Last UpdatedNov 7, 2024
- 3 minute read
- In Jamf Protect, click Plans.
- Create a new plan or edit an existing plan with your desired security settings. Compliance baseline reporting is enabled by default.
- In Jamf Pro or other MDM solution, configure the scope of the compliance-enabled plan to enroll target computers in Jamf compliance baseline reporting.
After you enabled compliance baseline reporting, enable monitoring for baseline rules in the Baseline page.
Individual baseline rules must be enabled on the page to implement them in compliance baseline reporting.
Enabled rules will now be monitored on computers enrolled in plans with compliance baseline reporting enabled.
Your Information Security team determines the compliance baseline your organization uses. The macOS Security Compliance Project (mSCP) framework creates the files used for compliance baseline rules. Jamf offers the Compliance Editor that leverages the mSCP, and Apple resources documentation for guidance to use the mSCP. Use one of these resources to create, upload, and enforce baseline rules on devices in your organization with Jamf Pro.
- Jamf Compliance Editor
- The Jamf Compliance Editor is a tool that uses the macOS Security Compliance Project (mSCP) to streamline establishing your compliance baseline. Jamf Compliance Editor provides automatic script and other management setting creation for rules authored through the consensus of global security experts to ensure security against cyber threats. You can upload these management settings to Jamf Pro as configuration profiles to then scope and enforce rules across devices in your organization.
For more information and to download the Jamf Compliance Editor, see the following chapters or Establishing Compliance Baselines.
- macOS Security Compliance Project
- The mSCP is an open-sourced project hosted on the National Institute of Standards and Technology (NIST) GitHub repository that leverages native command-line tools to establish security rules for your compliance baseline. You can use the builds, scripts, and other management settings created with the repository with Jamf Pro or other MDM solution to then scope and enforce rules across Apple devices in your organization.
For the repository, see macOS Security Compliance.
For more information on using mSCP, see the following Apple tutorials:
Baseline rules reports are individually enabled or disabled for your organization on the page and then centrally enabled or disabled as part of a plan.
Jamf Protect still collects data for disabled baseline rules during each check-in but does not display or report the data from disabled rules in the Jamf Protect web app.
Baseline rules only report computer settings and do not enforce settings and restrictions on computers. To enforce a setting or restriction, you must use an MDM solution, such as Jamf Pro.
Only the currently logged in user's computer baseline settings are monitored and reported.