Build, customize, audit, and deploy macOS security baselines — no command line required.
- About
- Why MACE?
- Quick Start
- Screenshots
- Features
- Build Capabilities
- Audit & Verification
- Status
- Upcoming Features
- Community & Feedback
- Credits
M.A.C.E. (macOS Advanced Compliance Editor) is a native macOS app that simplifies compliance baseline creation, customization, auditing, and deployment using NIST's mSCP 2.0.
The problem: Compliance folks need better tools. The mSCP project is fantastic, but for those of us who are less command-line savvy, customizing baselines can be intimidating. We needed something that makes compliance simple and customizable — without requiring scripting knowledge.
The solution: M.A.C.E. fills that gap. This is my first app, and I have a lot to learn, but I'm building what I've needed for years: a tool that puts powerful compliance capabilities in a visual, approachable interface. The community decides where it goes next.
Built for:
- macOS Security Administrators
- Compliance Officers & IT Audit Teams
- MDM Administrators (Jamf, Intune)
- Government & Enterprise Security Teams
| No command line required | Visual interface for creating and managing compliance baselines |
| Native macOS app | Built with SwiftUI for a fast, responsive experience |
| All-in-one workflow | Create, customize, audit, and export from a single app |
| MDM-ready exports | Generate deployment-ready profiles for Jamf, Intune, and more |
| Free & open source | Community-driven development with no licensing fees |
- Download the latest release
- Create a new project and select your compliance framework
- Customize rules to fit your organization's needs
- Build scripts and configuration profiles for deployment
- Audit your Mac and export compliance reports
Project creation & dashboard |
Compliance editor & rule hub |
Audit results & report view |
Documentation settings |
View sample audit outputs generated by M.A.C.E.:
- Create compliance projects for macOS, iOS/iPadOS, and visionOS
- Open and manage existing projects (
.macefile format) - Recent projects list for quick access
- Platform and compliance framework selection wizard
- Automatic project saving
- Three-panel interface: Sections sidebar, searchable rule list, and detailed editor
- Browse 500+ security rules organized by section
- Search, filter, and sort by:
- Compliance framework (STIG, CIS, NIST, etc.)
- Section/category
- Tags and metadata
- Modification status
- "Show All" mode to view all available rules regardless of framework
- Keyboard shortcuts for power users (Space bar to toggle rules)
- Edit all rule fields:
- Discussion, check criteria, and remediation instructions
- References and citations
- Tags and metadata
- Mobile configuration payloads
- DDM (Declarative Device Management) declarations
- Organizational Defined Values (ODVs)
- Shell scripts for fixes
- Track customizations with visual modification indicators
- Side-by-side comparison: baseline vs. custom rule versions
- Automatic YAML structure preservation
- Create custom security rules from templates
- Edit standalone rule YAML files
- Full validation of rule ID and structure
- Light, Dark, and System theme support
- Seasonal and holiday app icons
- Auto-save functionality
- Display settings memory (remember preferences)
- Application logging console with export
| Output | Description |
|---|---|
| Audit Scripts | Shell scripts for compliance checking |
| Remediation Scripts | Shell scripts to fix non-compliant settings |
| Extension Attributes | Scripts for Jamf Pro and other MDMs |
| Format | Use Case |
|---|---|
.mobileconfig |
Apple Configuration Profiles (combined or individual) |
| Plist | Jamf Pro Custom Settings |
| XML | Microsoft Intune |
| Signed Profiles | Digital signature support with certificate verification |
- Generate DDM declarations and artifacts
- Support for Apple's modern management APIs
- Service path configuration for system services
| Format | Description |
|---|---|
| HTML | Web-viewable documentation with table of contents |
| Professional print-ready documents | |
| CSV/Excel | Spreadsheet export for analysis |
| README | Auto-generated build information |
- M.A.C.E. Build Engine: Native Swift engine with full customization
- mSCP Build Engine: Official Python scripts (coming soon)
- Configurable output options per artifact type
- Author metadata and baseline versioning
- Custom output directory selection
- Run automated compliance checks against your baseline
- Real-time progress tracking with live watch capability
- Status tracking: Pass, Fail, Error, Manual Review, Not Applicable
- Section-by-section compliance analysis
- User comments and notes on individual results
- Manual override capability for audit results
- Comprehensive summary with pass/fail counts and percentages
- Detailed rule-by-rule results with expected vs. actual output
- Color-coded status indicators
- Execution time per rule
| Format | Description |
|---|---|
| DISA STIG CKL | Compatible with STIG Viewer; automatic STIG ID mapping |
| CSV | Spreadsheet-friendly with summary statistics and device info |
| HTML | Interactive web-viewable reports with charts |
| Professional documents with headers, summaries, and details |
Alpha Release This is an alpha release. Many features are still in development and some are disabled until ready. This release is for early adopters to preview progress and provide feedback.
Current Focus:
- Finalizing the compliance builder hub for rule reading and user adjustments
- Building an mSCP-style build engine for customizable enforcement files
- Improving audit export accuracy for MDM platforms
Known Limitations:
- Rules may not reflect the latest guidance until mSCP 2.0 is finalized
- Some export formats may have issues with specific MDM platforms (Intune, Jamf)
- mSCP audit engine pending mSCP 2.0 release
- Currently supports American English only
Feedback:
- Bug reports are welcome via GitHub Issues
- Feature suggestions and "nice to have" ideas help guide development
Website: A dedicated website with tutorials and usage guides is planned once core features are finalized.
- Import existing mSCP 1.0/2.0 baselines into M.A.C.E.
- Convert external configurations to projects
- Run the official mSCP audit (pending mSCP updates)
- Apply fixes directly from audit results
- Compare audits over time
- Track compliance history
- Auto-update rules from mSCP repository
- Version tracking and update notifications
- Automatic app updates
- Additional language support
- Visual and functional improvements across all features
M.A.C.E. is a community-driven project. I personally work with STIGs, so many features were built around that workflow but I want this app to work for everyone. Whether you're using CIS, NIST 800-53, CMMC, or something else entirely, your input matters.
I'd love to hear from you:
- What compliance frameworks do you use?
- What features would make your workflow easier?
- What's missing or could be improved?
Open an issue or start a discussion your feedback directly shapes development.
Powered by NIST mSCP 2.0. Created by a Mac admin for the macOS admin community.
