Our great sponsors
CIS Benchmarks for macOS Catalina
You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.
FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.
Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.
To pass a full security review you might want to play with Google Santa. But that is intense.
A binary authorization system for macOS
> Install and configure Google’s Santa.
Interesting, I'd never heard of this before. "A binary authorization system for macOS". Open source.
Appwrite - The Open Source Firebase alternative introduces iOS support. Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!
macOS Security Compliance Project
is it possible to see what account made changes to the system?
2 projects | reddit.com/r/jamf | 9 Mar 2023
How to indicate that a laptop is locked and thus useless for thieves
1 project | reddit.com/r/techsupport | 4 Feb 2023
3 projects | news.ycombinator.com | 28 Jan 2023
MacOS + MDM Policies (Privacy, Notifications, Native Apps)
1 project | reddit.com/r/macsysadmin | 12 Jan 2023
macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS
1 project | reddit.com/r/CKsTechNews | 26 Dec 2022