Jamf Blog
May 14, 2020 by Matt Woodruff

Leveraging security benchmarks to defend your organization’s systems and data

When organizations can confidently enforce standardized security requirements and protocols across all endpoints — no matter where they’re located — the risk of a breach or vulnerability drastically diminishes. That’s exactly why security benchmarks and audits exist.

Do you have sensitive data on your end-user devices? The answer is yes. Every organization has something valuable residing on its Apple devices that it needs to protect, whether intellectual property, customer or student data, regulated data or classified data. If this data were breached and released to the general public, the consequences would be vast: they would greatly hinder success, create legal liability and most certainly tarnish the brand.

Organizations around the world spend hours combing through every operating system to identify and analyze where and how data could be exfiltrated. If left unchecked, system and user settings, network connections, system defaults and other areas can be used by hackers to gain access to your system, and end users can inadvertently cause sensitive data to leave the organization.

You need to secure every endpoint to the best of your ability; this is where security benchmarks help.

There are many organizations that create security benchmarks, but we have found the Center for Internet Security (CIS) to be the most responsive group, consistently releasing the latest guidance for macOS, iOS and iPadOS.

These security benchmarks give organizations guidance for securing or hardening operating systems in order to limit the risk of exfiltration. In our webinar, "macOS Security Benchmarks: Enforcing CIS, STIG, and More to Meet Auditor Standards", we shared:

  • The guidelines that need to be reviewed by your IT and InfoSec teams
  • The tools needed to apply each setting to your endpoints after vetting them
  • How Jamf solutions can support your security success

Watch the webinar or read the highlights:

Jamf recommends that your organization thoroughly assess whether Apple's mobile device management (MDM) framework can enforce the settings selected. For example, macOS MDM configuration profiles will continue to function across macOS updates, whereas scripts that enforce settings may not function in the next macOS update. If you find that Apple's MDM framework cannot set a particular setting you need, please submit that feedback to Apple.

Jamf Pro has an exhaustive collection of MDM configuration profile keys (settings) that can be set across your Apple fleet, and the capability to apply and enforce scripts on your macOS devices when configuration profiles are not sufficient. We have scripted out these efforts for you and made them available in our GitHub repository.

And let’s not forget about the auditors! As they assess your efforts, you want to ensure you supply the proper documentation and reports. We have two products at Jamf that assist organizations with audits:

  • Jamf Pro allows you to create customized reports that can be sent via email, at the frequency you choose, to any internal or external auditor, compliance team or other team
  • Jamf Protect can assess the entire CIS Security Benchmark and provide a compliance dashboard to your IT, InfoSec or SOC teams

Additionally, Jamf Protect has received the CIS Certification for properly assessing the CIS Security Benchmarks on macOS devices.

Jamf Pro and Jamf Protect arm IT and InfoSec staff with the tools needed to secure your sensitive data using security benchmarks, along with reports and analysis on that effort.
