macos_security VS CIS-macOS-Security

For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)

https://github.com/usnistgov/macos_security - for macOS this would help.

I’d highly recommend checking out the usnistgov/macos_security on GitHub. You can generate a benchmark and then feed the output into extension attributes to trigger policies on.

Study about cybersecurity, or how to harden a macOS fleet against published security frameworks.

Weigh the pros and cons about having your end-users be standard users or admins on their Macs. If they are already admins (probably), consider the political blowback if you take away their admin rights and flexibility and autonomy they've become used to. Conversely, consider the security posture of your organization. If it has to adhere to some well-known guides (like 800-171 o 800-53r5), then you may not be able to allow end-users to be admins. Take a look at the macOS Security Compliance Project.

NIST Compliance Benchmarks: github.com/usnistgov/macos_security

Like OP, I'm trying to disable both bonjour and netbios. I'm using this script: https://github.com/usnistgov/macos_security/blob/main/includes/enablePF-mscp.sh

https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web should be your first stop and that Apple Support page has a link to the macOS Security Compliance Project.

I’ve got json schemas here that might cover that, been putting these together for the 2022 CIS benchmarks for Monterey https://github.com/scriptsandthings/scriptsandthings_Jamf_JSON_Schemas/tree/main/Schemas/Apple they’re based on the plists that https://github.com/mvdbent/CIS-macOS-Security spit out at me for CIS level 1 and level 2.