For those who’ve experienced what it’s like to use the macOS Security Compliance Project (mSCP) firsthand, you’ll appreciate the “I’m kind of a big deal.” reference made famous by, Ron Burgundy in Anchorman. This is not just waxing poetic about the incredibly useful tool but a true sentiment that conveys how much time and resources were saved by utilizing mSCP to aid in meeting compliance on macOS for enterprise organizations.
And now, Jamf has developed a free tool — the Jamf Compliance Editor (JCE) — that builds upon the rock-solid foundation of mSCP, to aid IT and Security professionals in uploading their customized compliance assets to Jamf Pro in a dead-simple way to extend compliance across their infrastructure for each managed device.
If you are unfamiliar with mSCP or perhaps you’ve heard of it, but aren’t really sure if it’s a tool that would benefit you as a MacAdmin, here’s a brief recap.
mSCP began as a venture between multiple agencies to “provide a programmatic approach to generating security guidance.” It is an open-source project that is available on GitHub. As touched upon, the project is the result of federal operational IT Security staff from the following organizations:
- National Institute of Standards and Technology (NIST)
- National Aeronautics and Space Administration (NASA)
- Defense Information Systems Agency (DISA)
- Los Alamos National Laboratory (LANL)
It’s aim: aid IT and Security teams with implementing security benchmarks, like those authored by NIST and CIS respectively.
JCE and me
mSCP is seemingly heaven-sent for admins tasked with managing security or implementing compliance, the ability to generate customized values, export documentation and generate guidance that meets your organization’s security compliance regulations.
I use the word seemingly because generating compliance assets is only a fraction of the process. The other parts involve:
- Actively monitoring endpoint health
- Gathering rich telemetry data
- Identifying gaps in security and compliance
- Applying assets to make endpoints compliant
MDM solutions can make the distribution of compliance assets easier, but the level of administrative overhead required to meet the other three points presents a greater challenge. One that merely uploading compliance assets to your MDM solution will not resolve.
This is where JCE comes in and really shines as Golbig shows in his demonstration. The ability for MacAdmins to use JCE to generate the assets they need to meet compliance requirements within their organization — all from the JCE application and share that guidance with Jamf Pro is a huge plus!
For starters, Jamf Compliance Editor is a native macOS app and built on mSCP, meaning admins have access to the same backend resources as mSCP right from their Mac computer. So anything you can do from the command line in mSCP can also be accomplished from JCE’s native app.
Furthermore, thanks to its deep integration with Jamf Pro, after you’ve customized and generated the compliance assets that are unique to your organizational needs, there’s a built-in interface that seamlessly allows uploading your newly generated content directly to your Jamf Pro instance via the secure Jamf API.
“All the things” you want…none of what you don’t
Prior to uploading your compliance assets to Jamf Pro, users can choose which assets to upload. Want to upload everything? Check the box next to the top category and each subentry will be checked as well.
But what if we don’t want everything? That works too! Jamf understands that you may wish to select certain benchmarks to customize while ignoring those that may not be applicable. In those instances, simply uncheck the box next to the category you wish to remove from the upload queue. Multiple selections are possible, including granularly selecting individual benchmarks within a baseline. Once you’ve tailored it to your needs, the one-click upload process performs the work of importing your configuration profiles and/or scripts to Jamf Pro.
Where can I get JCE and how much does it cost?
Jamf Compliance Editor is F-R-E-E and will stay free, thanks to it being built upon the open-source mSCP, according to Woodruff. Available as an add-on for Jamf Pro customers, JCE is available from the Jamf Trusted Access webpage. The current version — 1.2.1 — was released in September 2023 and provides same-day support for macOS Sonoma out-of-the-box. Additionally, an easy-to-follow user guide is also available for those looking to get started with implementing compliance baselines within their organization.
View the full session here.
Register for JNUC to access this session as well as others on demand.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.