Skip to main content
MDM LoginwindowText sudo defaults write
plist AuthorizationRight requireAlphanumeric ScreenRecording STIG
PayloadContent codesign IPSW loginwindow SIP
Continuity kextunload audit Kerberos SIP
benchmark security codesign fdesetup FirewallEnabled
/Library/Preferences com.apple.security sudo plist xattr
SecureEnclave Spotlight RemoteManagement payload AirDrop
iCloud Gatekeeper AppleSilicon mobileconfig allowed
STIG write NSGlobalDomain /Library/Preferences mdmclient
PacketTunnel read Entitlements ScreenRecording AllowedApplications
sandbox write compliant Gatekeeper com.apple.Terminal
compliant PasswordPolicy PayloadContent mobileconfig DFU
com.apple.SystemPolicy firmwarepasswd STIG /System/Library /Library/Preferences
sudo TouchID benchmark FileVault LoggingEnabled
PayloadUUID MDM com.apple.Safari Spotlight LoginItem
com.apple.Safari ABM T2 write /usr/bin
ditto chown softwareupdate false required
systemsetup minLength AuthorizationDB InstallApplication InternetSharing
plutil profiles RestrictedSoftware historyCount write
codesign Spotlight LaunchAgent SecKeychain enabled
XProtect TouchID VPP MDM Microphone
SecKeychain csrutil OIDC Volume ConfigurationProfile
Continuity DDM nvram APFS Microphone
chown PrinterSharing PayloadUUID StealthMode Ethernet
pmset ConfigurationProfile SecureBoot fdesetup softwareupdate
pmset ContentFilter expirationDays fdesetup GlobalPreferences
FileVault SIP csrutil /usr/bin STIG
Hardened Runtime chown FindMy write CIS
GlobalPreferences Gatekeeper firmwarepasswd RequirePassword networksetup
PacketTunnel ActiveDirectory InternetSharing com.apple.Terminal ASR
Volume softwareupdate DisableGuestAccount AuthorizationRight lockoutDuration
com.apple.Safari read com.apple.screensaver AppleSilicon write
PayloadUUID write xattr CMMC FileVault
OpenDirectory systemsetup diskutil payload Camera
networksetup InstallApplication VPN LoginItem spctl
NIST scutil Gatekeeper translocation PIV
SecKeychain chown launchctl AuthorizationDB networksetup
SAML SecureEnclave OAuth SmartCard DisableGuestAccount
SystemPolicy AppleSilicon spctl dscl WiFi
SSO SecKeychain PrinterSharing WiFi Entitlements
RestrictedSoftware CIS pwpolicy killall SIP
FaceID diskutil sudo 800-171 munki
AuthorizationRight translocation SecureBoot com.apple.TCC mobileconfig
Entitlements /usr/bin PasswordPolicy /var/db quarantine
csrutil PasswordPolicy iCloud XProtect PowerNap
SocketFilter NSGlobalDomain MDM nvram APFS
SecureBoot munki read InternetSharing sudo
false disabled autopkg pwpolicy kextload
APFS FindMy AuthorizationDB maxFailedAttempts VPN
com.apple.security 800-171 FileVault com.apple.SystemPolicy DFU
GlobalPreferences RemoteLogin SocketFilter OTA Entitlements
MRT defaults networksetup com.apple.Terminal required
nvram sudo SecureBoot com.apple.mail SSO
nvram RestrictedSoftware PowerNap WindowServer ContentFilter
DFU PayloadContent PayloadType MRT SecKeychain
PasswordPolicy hdiutil diskutil TCC MDM
codesign historyCount security AuthorizationRight StartupItem
pmset FaceID TCC MRT quarantine
ContentFilter mdmclient enabled plist baseline
FileSharing networksetup spctl SIP benchmark
MACE App Icon

M.A.C.E.

macOS Advanced Compliance Editor

Build, customize, audit, and deploy macOS security baselines

Get StartedDownload
$|

No Command Line Required

Visual interface for creating and managing compliance baselines. Built with SwiftUI for a fast, native macOS experience.

Create

All-in-One Workflow

Create, customize, audit, and export from a single app. Browse 500+ security rules with powerful search and filtering.

.mobileconfig

MDM-Ready Exports

Generate deployment-ready profiles for Jamf, Intune, and more. Export to mobileconfig, plist, DDM, and signed profiles.

See MACE in Action

Main Menu
Compliance Editor
Rule Builder
Audit & Export
Build Hub
Documentation

Main Menu

Your compliance command center

Ready to Simplify macOS Compliance?

Download MACE for free and start building your security baselines today.

Download MACERead the Docs