Securing devices smarter with the Center for Internet Security

Discover the Center for Internet Security's recommended steps for safeguarding organizations against cyber attacks.

June 20 2017 by

Nick Thompson

Security is important for any organization, but it’s paramount for those that manage end-user devices. While all industries share a common goal of ensuring their devices are secure; it is mission-critical for certain regulated industries. Finance, retail, healthcare and government entities are all examples of industries that are required by law to meet certain security standards. Security standards like SOC 2, HIPAA, PCI, FISMA and a host of other acronyms need to be met by the IT departments within these industries.

With all these regulations and a growing number of Mac, iPad, iPhone and Apple TV devices entering the workforce, many are left asking, “How do I meet security standards on my Apple devices?” Thankfully, the Center for Internet Security (CIS) published a set of benchmarks for all platforms — including macOS and iOS — which IT can use to answer that and many more security-related questions.

The Center for Internet Security is an independent, nonprofit organization who’s mission is to provide practical steps to safeguard organizations against cyber attacks. They do this by publishing a series of benchmarks, which IT can follow and implement.

"CIS benchmarks help you safeguard systems, software and networks against today's evolving cyber threats. Developed by an international community of cybersecurity experts, the CIS benchmarks are configuration guidelines for over 100 technologies and platforms."


These benchmarks are a great resource for Apple IT administrators, because they are extremely comprehensive, up to date with Apple’s latest operating systems and they are free! Benchmarks provide practical examples of what to lock down on a Mac or iOS device to keep it secure. For example, encryption is a common security standard for most organizations, so you’ll want to turn on FileVault (Apple’s built-in encryption tool) and report on it. The CIS benchmarks also suggest to enforce settings like Gatekeeper (Apple’s anti-malware tool), turn on Firewall Stealth Mode, disable Printer Sharing and more. These benchmarks can be customized by an organization to help meet their specific industry regulations.

Of course, organizations don’t want to manually configure these settings on all their Mac and iOS devices, they want to automate these controls and be able to report on them. This is where a mobile device management (MDM) solution can help. Apple IT administrators can build policies and deploy configuration profiles to enforce and report on security controls. These can be controls like password enforcement, restricting consumer-facing features like iCloud and the camera, reporting on encryption and blocking nefarious applications. All of these security settings can be built and deployed ad hoc to your client Mac and iOS devices using the standard in Apple management — Jamf Pro.

To help organizations even further, Jamf developed a series of scripts that allow IT admins to easily apply the CIS benchmarks to their fleet of Apple devices. The three scripts are added to Jamf Pro and allow IT to define security baselines, schedule ongoing checks for compliance and automate remediation. This makes applying the CIS benchmark to managed Macs far easier than ever before. Best of all, these scripts are free on Jamf’s Github page thanks to our Professional Services team. Jamf Pro customers can download and implement our CIS benchmark for macOS Sierra on their own or our Professional Services team can help them customize it for their environment.

For a deeper analysis of the CIS benchmark and to learn how to apply these security measures in your organization, watch this video.

Have questions or want to discuss your environment with an Apple management expert? Give us a call or send us an email.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.