Audit Results

View, filter, edit, and understand your compliance audit results.

Every rule's status, what was checked, and what was found.

Results Overview

After an audit completes, you see a comprehensive view of your Mac's compliance status. The results screen has three main areas:

Summary header: Pass rate, status counts, and filter controls
Results table: Every rule with its status and details
Details panel: Deep dive into the selected rule

Summary Statistics

At the top of the results view, you'll see:

Your main compliance score. Shows what percentage of rules passed out of all the rules that could be automatically checked.

N/A and Manual Review rules don't count toward this number.

Color-coded counts for each status type:

Total: All rules that were checked
Passed (green): Rules that passed
Failed (red): Rules that failed
Manual Review (yellow): Rules needing human verification
Errors (orange): Rules where the check couldn't run
N/A (gray): Rules not applicable to this system

Results Table

The main table shows every rule that was checked:

Table Columns

Color-coded badge showing Pass, Fail, Error, Manual Review, N/A, or Pending.

The unique identifier for this rule. For STIG compliance, this shows the STIG ID (like APPL-15-005001). For other baselines, it shows the rule ID.

Human-readable name describing what the rule checks (e.g., "Enable Firewall Logging").

The category this rule belongs to (e.g., "System Settings", "Authentication").

What the check command should return for a passing result. This is the "correct" value.

What your Mac actually returned. If this matches Expected, the rule passes.

How long the check took to run (in seconds). Helps identify slow-running checks.

Optional Columns

Depending on your baseline and settings, you may also see:

CIS ID: CIS Benchmark reference number (for CIS compliance)
Discussion: Additional context about the rule

Filtering and Searching

Filter by Status

Click the status badges to filter the table:

Click Failed to see only failed rules
Click Passed to see only passing rules
Click Manual Review to see rules needing attention
Click All to reset and show everything

Search

Use the search box to find rules by:

Rule ID: Search "firewall" to find firewall-related rules
Title: Search by the rule name
Section: Search by category name

Sorting

Click column headers to sort:

Rule ID: Alphabetical by identifier
STIG ID: By STIG reference (STIG compliance only)
Title: Alphabetical by name
Status: Groups by status (failures first)

Rule Details Panel

Click any rule to see its full details in the right panel:

The command that was run to check this setting. Shows exactly what MACE tested.

The remediation command that would fix a failing rule. Copy this to run manually, or use Build to generate scripts that include it.

Detailed explanation of why this rule exists, what it protects against, and any context for the setting.

If the check failed with an error, this shows what went wrong. Helps troubleshoot issues.

Click to copy the rule's ID to your clipboard. Useful for referencing specific rules in documentation or reports.

Editing Results

Overriding Status

Sometimes you need to manually change a rule's status. For example:

A check reports "Fail" but you've verified it's actually compliant via a different method
A check reports "Pass" but you know there's an issue
You've completed a manual review and need to set the status

To override a status:

Select the rule in the results table
Click the status dropdown in the details panel
Choose the new status (Pass, Fail, Error, Manual Review, N/A)

Overrides Are Tracked

When you override a result, MACE remembers the original value. Exports can show an "Override" indicator so auditors know which results were manually changed.

Editing Expected and Actual Output

You can also edit the Expected Output and Actual Output fields:

Click the field you want to edit
Modify the text
The change is tracked as an override

This is useful when:

The check returned extra whitespace or formatting
You need to document what you manually observed
You want to correct an expected value for your environment

Adding Comments

Comments let you document why a rule is in a particular state:

Select a rule
Find the Comment field in the details panel
Enter your notes

Use comments for:

Explaining why a rule is exempt
Documenting compensating controls
Noting when remediation is planned
Recording who verified a manual review item

Comments appear in all exported reports.

Re-running Rules

Re-run a Single Rule

After making changes to your Mac, you can re-check a single rule without running the entire audit:

Select the rule you want to re-check
Click Re-run (or right-click and select Re-run)
The rule is checked again and the result updates

Re-run All Rules

To re-run the entire audit:

Click Re-run All in the toolbar
All rules are checked fresh
User comments are preserved, but statuses are updated

Understanding Pass/Fail

What Makes a Rule Pass?

A rule passes when the Actual Output matches the Expected Output.

For example:

Expected: 1 (firewall enabled)
Actual: 1
Result: Pass

What Makes a Rule Fail?

A rule fails when the actual output doesn't match expected:

Expected: 1 (firewall enabled)
Actual: 0 (firewall disabled)
Result: Fail

Error vs Fail

Fail: The check ran successfully but the value was wrong
Error: The check itself failed to run (crashed, timed out, or returned unexpected output)

Errors need investigation to understand why the check couldn't complete.

Working with Manual Review Items

Rules marked "Manual Review" have no automated check. You must:

Read the discussionUnderstand what the rule requires and how to verify it

Manually verifyCheck the setting on your Mac or review documentation

Set the statusChange from "Manual Review" to Pass, Fail, or N/A

Add a commentDocument how you verified and what you found

Identifying Problem Areas

Failed Rules

Failed rules are your immediate priority. For each failed rule:

View the Expected vs Actual to understand the gap
Check the Fix Script to see how to remediate
Decide whether to fix now or document an exception

Section Breakdown

Enable "Section Summary" in export options to see compliance by category. This helps identify which areas of your baseline have the most failures.

Best Practices

📝

Document everything

Add comments to any rule with exceptions, compensating controls, or special circumstances. This helps auditors understand your decisions.

🔍

Review errors first

Error results mean something went wrong with the check itself. Investigate these before addressing failures.

✅

Complete manual reviews

Don't leave rules in "Manual Review" status. Verify each one and set a definitive status with documentation.

📊

Export before making changes

Export results before remediating so you have a record of the "before" state for comparison.

What's Next?

📄

Exporting Reports

Export to PDF, HTML, CSV, and STIG CKL formats

Results Overview​

Summary Statistics​

Results Table​

Table Columns​

Optional Columns​

Filtering and Searching​

Filter by Status​

Search​

Sorting​

Rule Details Panel​

Editing Results​

Overriding Status​

Overrides Are Tracked

Editing Expected and Actual Output​

Adding Comments​

Re-running Rules​

Re-run a Single Rule​

Re-run All Rules​

Understanding Pass/Fail​

What Makes a Rule Pass?​

What Makes a Rule Fail?​

Error vs Fail​

Working with Manual Review Items​

Identifying Problem Areas​

Failed Rules​

Section Breakdown​

Best Practices​

What's Next?​