How MACE Works
MACE is a native macOS app that takes government-sourced security compliance data, lets you customize it for your organization, and outputs it in formats you can deploy directly to your fleet.
Where the Data Comes From
The security rules inside MACE originate from the macOS Security Compliance Project (mSCP) — a publicly hosted project on GitHub maintained in collaboration with NIST and various U.S. government agencies and security teams. mSCP continuously pulls from a wide range of government and industry security standards, packages that guidance into structured YAML — rules, baselines, and remediation scripts — and publishes it publicly. New frameworks and updates are added regularly as the project evolves.
MACE ingests that data directly so you always have access to the latest government-vetted security guidance. On top of that, MACE is actively building its own hardcoded rule library to surface additional compliance options and mappings that aren't yet part of the public mSCP project — giving you access to more coverage, sooner.
What MACE Does With It
Once ingested, MACE gives you a native macOS interface to work with that data end-to-end:
- MACE loads the mSCP rule library and baselines so you can browse 500+ security rules across every supported framework — no command line, no Python, no manual YAML.
- Enable or disable rules for your environment, set organization-defined values (ODVs), and tailor baselines to your specific requirements. You can also write and add your own custom rules to MACE — covering anything not already in the mSCP library.
- Generate deployment-ready output from your customized baseline — shell scripts, configuration profiles (.mobileconfig), declarative device management (DDM), and signed profiles ready for your MDM.
- Run real-time compliance checks directly on any Mac to verify what's passing, what's failing, and what needs attention — before and after deployment.
- Generate human-readable compliance documentation for your security team, auditors, or leadership — showing exactly which controls are in place and why.
- Push your validated build to your production fleet via MDM. Use the audit scripts and extension attributes generated by MACE to monitor ongoing compliance across every device.
The MACE Workflow
Build once, test on a small fleet, then deploy everywhere.
Core Features
Each step in the workflow maps to a core feature in MACE:
Two Engines, One Interface
All of those features feed into one moment: generating your output. When you're ready to build, MACE gives you two engine options to process your customized baseline — same rules, same settings, your choice of how to run it:
mSCP Build (Beta)
Uses mSCP scripts with default options. Customize by editing files directly.
- Standard mSCP output formats
- Python-based execution
- Full mSCP compatibility
M.A.C.E. Build
Built on Swift, the M.A.C.E. engine is faster, easier to use, and more customizable than mSCP's Python scripts — no manual file edits required.
- Extended export options
- Profile signing support
- Custom branding for docs
- No Python required
You can switch between engines at any time. Your project and customizations remain the same.