Exporting Reports
Export audit results to PDF, HTML, CSV, or DISA STIG CKL format.
Generate professional reports for auditors, documentation, and compliance tracking.
Export Formats
MACE can export audit results in four formats:
Professional report format. Ideal for sharing with auditors, management, or for official documentation. Includes charts and formatted tables.
HTML
Interactive web report. Can be opened in any browser. Includes responsive design and expandable details. Great for internal review.
CSV
Spreadsheet format. Import into Excel, Google Sheets, or other tools. Useful for data analysis, filtering, and custom reporting.
STIG CKL
DISA STIG Checklist format (XML). Required for DoD compliance. Updates existing CKL templates with your audit results.
Which Format Should I Use?
| 📄 | Share with auditors or management | |
| 🌐 | HTML | Review results in a browser |
| 📊 | CSV | Analyze data in Excel or Google Sheets |
| 🛡️ | STIG CKL | Submit for DoD compliance |
Export Options
Before exporting, you can configure what to include in your report:
Author and Metadata
Adds your name, organization, and benchmark name to the report header. Helps identify who performed the audit.
Your name and organization appear in the report header. Set these in the export options.
Device Information
Adds the audited Mac's serial number, model name, and macOS version to the report. Identifies which specific device was checked.
Adds the computer's hostname to the device information section.
Logo and Branding
Adds a logo to the report header. MACE looks for a file named logo.png in your project folder. If not found, uses the default MACE logo.
Removes "Generated by M.A.C.E." attribution from the report. Use this for sanitized or white-labeled reports.
Removes the entire footer section from the report, including generation timestamp and any branding.
Content Options
Hides the Expected Output and Actual Output columns. Simplifies the report if these details aren't needed.
Hides the Discussion/Notes column. Reduces report length if rule explanations aren't needed.
Hides the time taken for each check. Simplifies the output if timing isn't relevant.
Shows the command that was run for each rule. Useful for technical reviewers who want to see exactly what was tested.
Shows the remediation command for each rule. Helps teams understand how to fix failing items.
Analysis Options
Adds a breakdown of pass/fail rates by section. Highlights problem areas with lowest pass rates first.
Adds a column showing which results were manually modified. Important for audit trails where changes must be documented.
Adds a high-level overview at the beginning of the report. Summarizes key findings and critical areas for management review.
Adds signature lines at the end of the report for auditor sign-off. Includes fields for Signature, Date, Printed Name, and Title/Role.
Format-Specific Options
Formats the PDF for US Letter paper with page breaks. When off, creates a continuous single-page document (better for digital viewing).
Displays STIG IDs (like APPL-15-005001) instead of Rule IDs in the table. Standard for STIG documentation.
Adds a column showing CIS Benchmark reference numbers (like 2.6.6).
PDF Export
The PDF export creates a professional compliance report suitable for auditors and official documentation.
What's Included
- Header: Logo, report title, author, organization, date
- Summary Statistics: Total rules, pass/fail counts, pass rate percentage
- Pie Chart: Visual breakdown of results by status
- Device Information (optional): Serial number, model, OS version
- Executive Summary (optional): High-level findings overview
- Section Summary (optional): Pass rates by category
- Results Table: All rules with status, expected/actual values, comments
- Signature Section (optional): Sign-off lines for auditors
- Footer: Generation timestamp, page numbers (if paginated)
How to Export PDF
- Complete your audit
- Click Export in the results toolbar
- Select PDF
- Configure export options
- Choose save location
- Click Export
HTML Export
The HTML export creates an interactive web report that can be opened in any browser.
Features
- Responsive Design: Works on desktop, tablet, and mobile
- Dark Mode Support: Automatically adapts to system preferences
- Expandable Details: Click rows to see more information
- Status Color Coding: Visual pass/fail indicators
- Section Navigation: Jump to specific sections
- Pie Chart: SVG visualization of results
How to Export HTML
- Complete your audit
- Click Export in the results toolbar
- Select HTML
- Configure export options
- Choose save location
- Click Export
Viewing the Report
Open the exported .html file in any web browser (Safari, Chrome, Firefox, etc.). The report is self-contained with all styles embedded.
CSV Export
The CSV export creates a spreadsheet-compatible file for data analysis.
What's in the File
- Summary info at the top with pass/fail counts
- Column headers based on your export options
- One row per rule with all the details
How to Export CSV
- Complete your audit
- Click Export in the results toolbar
- Select CSV
- Configure export options
- Choose save location
- Click Export
Using the CSV
Import into:
- Microsoft Excel: File → Open → Select the CSV
- Google Sheets: File → Import → Upload the CSV
- Numbers: File → Open → Select the CSV
The CSV format allows you to:
- Create custom pivot tables
- Apply your own filtering and sorting
- Generate charts and graphs
- Combine with other data sources
STIG CKL Export
The CKL (Checklist) export creates DISA STIG-compliant XML files required for DoD security assessments.
What is CKL?
CKL is the standard format for DISA STIG checklists. It's an XML file that contains:
- Device identification
- Vulnerability assessments
- Finding details and status
- Comments and notes
How CKL Export Works
MACE updates an existing CKL template file with your audit results:
- You provide a template CKL (from DISA or your organization)
- MACE matches STIG IDs between your audit and the template
- Results are merged into the template
- Updated CKL is saved with your findings
Status Mapping
MACE audit statuses map to CKL statuses:
| ✅ | Pass | NotAFinding |
| ❌ | Fail | Open |
| ➖ | N/A | Not_Applicable |
| ⚠️ | Error | Not_Reviewed |
| 👁️ | Manual Review | Not_Reviewed |
| ⏳ | Pending | Not_Reviewed |
How to Export CKL
- Complete your audit (must be STIG compliance)
- Go to Audit → STIG CKL Export in the menu bar
- Select your CKL template file
- Choose where to save the updated CKL
- Click Export
The Audit menu only appears when the audit results window is open.
What Gets Updated
For each matching STIG ID:
- STATUS: Updated to match audit result
- FINDING_DETAILS: Populated with check command and output
- COMMENTS: Filled with user comments or rule discussion
- HOST_NAME: Set from device information
Requirements
- Audit must use a STIG baseline
- You must have a CKL template file
- STIG IDs must match between your audit and the template
Custom Logo
To use your organization's logo in reports:
- Create a PNG image named
logo.png - Place it in your MACE project folder
- MACE automatically uses it in PDF and HTML exports
Logo recommendations:
- Format: PNG with transparency
- Size: 200-400 pixels wide
- Aspect ratio: Horizontal works best
Best Practices
Create a "before" snapshot of your compliance state. This documents your starting point for comparison after fixes.
When sharing with auditors, enable "Include Override Indicators" so they can see which results were manually changed.
Enable "Section Summary" when creating reports for management. It highlights problem areas at a glance.
Export to CSV if you need to do custom analysis, create charts, or combine audit data with other systems.
If you're submitting to a DoD security assessment, the CKL format is required. Keep your template CKL up to date.