-
You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.
FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.
Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.
To pass a full security review you might want to play with Google Santa. But that is intense.
-
Stream
Stream - Scalable APIs for Chat, Feeds, Moderation, & Video. Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.
-
> Install and configure Google’s Santa.
Interesting, I'd never heard of this before. "A binary authorization system for macOS". Open source.
https://github.com/google/santa
-