Skip to content

Layout

Jump to bottom
Allen Golbig edited this page Oct 8, 2024 · 10 revisions

Directories

Layout

baselines/  ---> Baseline profiles containing all the rules
build/      ---> Script output directory. Contains scripts, documents, and
                 mobileconfig files generated by scripts
custom/     ---> Custom rules and sections
includes/   ---> supporting files for build scripts
rules/      ---> Rules for securing the operating system; YAML content
                 with one rule per file
SCAP/       ---> Makefile, scripts, and required content for SCAP generation
scripts/    ---> Scripts to generate reports and configuration
sections/   ---> YAML configurations for sections in generating the guides
templates/  ---> AsciiDoc templates

baselines

The baselines directory contains the defined baseline files for:

  • NIST SP 800-53 rev5 Low, Moderate, and High

  • NIST SP 800-171 Rev2

  • DISA STIG

  • CIS Level 1 & 2

  • CIS Controls Version 8

  • CMMC Level 1 & 2

  • CNSSI 1253 Low, Moderate, and High

  • indigo Base & High

  • A baseline for all the rules in this repository

build

The build directory is where generated outputs (eg documents, mobileconfig) will be saved.

custom

The custom directory is used for creating tailored versions of the rules and sections files, to meet an organization’s requirements. The YAML files placed within this folder will take priority when running generate_guidance.py.

📎
 The filenames must remain the same as the original YAML filenames.

includes

The includes directory contains YAML-based libraries required for currently developed scripts.

rules

The rules directory includes the following categories of control settings for configuring the operating system:

  • audit - configuration and enforcement of the OpenBSM settings.

  • auth - configuration and enforcement of smartcard authentication.

  • icloud - configuration of Apple’s iCloud/Apple ID service.

  • os - rules to configure the operating system that are not defined within other categories of the rules directory.

  • pwpolicy - configuration and enforcement of password policy.

  • supplemental - additional information to support the guidance provided by the baselines.

  • system_settings (sysprefs on macOS Monterey and older) - configuration and enforcement of settings controlled within the System Settings/System Preferences application.

SCAP

The SCAP directory is where required Extensible Stylesheet Language Transformations(XSL) files are stored, along with the CPE oval and definition, and scripts to generate an SCAP document.

scripts

The scripts directory is where scripts that will be used to create specific baselines are stored, along with the required files for them.

sections

The sections directory is used to define the different sections that correlate to the different directories in the rules folder. The YAML files contain the name and descriptions as they will appear in the generated guide.

templates

The templates directory includes AsciiDoc templates for generating an AsciiDoc guide.

Introduction

Clone this wiki locally