Overview
MACE gives you a complete workflow for managing macOS security compliance. Here's how the pieces fit together.
The MACE Workflow
Build once, test on a small fleet, then deploy everywhere. This workflow catches issues early, before they reach production.
Setup — Start with a proven or required baseline (STIG, CIS, NIST, or CMMC), then tailor it to your organization's needs. Enable or disable rules, adjust values, and add custom rules.
Test — Deploy to a small test fleet first. Run audits to verify everything works as expected. Generate documentation for yourself, your security team, or auditors to show exactly what's being applied to the fleet.
Deploy — Once validated, push the same build to your production fleet via MDM. Use the audit scripts and extension attributes you built to verify deployment and monitor ongoing compliance across your fleet.
Core Features
Each step in the workflow maps to a core feature in MACE:
Begin with a framework baseline and only customize what you need. You can always add more rules or adjust settings as your requirements evolve.
Two Engines, One Interface
All output files (scripts, profiles, DDM, documentation) can be built using two different methods:
mSCP Scripts
The original Python scripts provided by mSCP. Use this for full compatibility with standard mSCP workflows.
- Standard mSCP output formats
- Python-based execution
- Full mSCP compatibility
MACE Engine
Native Swift implementation built into MACE. Offers more customization options than the Python scripts.
- Extended export options
- Profile signing support
- Custom branding for docs
- No Python required
You can switch between engines at any time. Your project and customizations remain the same.