macOS Security Tool

mSBB macOS Security Baseline Builder

A native Swift app for building, customising, and exporting macOS security baselines — based on the mSCP framework. No terminal required.

⬡ View on GitHub Requirements →
v0.0.3 Latest
Swift Built with
macOS 13+ Requires
Free License
mSBB — Ventura Baseline
Baselines
Ventura 13
Sonoma 14
Sequoia 15
Categories
Audit
Authentication
Firewall
Encryption
Network
Audit Rules · 6 of 12 enabled
audit_acls_files_configure L1
audit_auditd_enabled L1
audit_flags_aa_configure L2
audit_flags_ad_configure HIGH
audit_flags_ex_configure L2
6 rules enabled · 3 HIGH severity
What it does

Built for Mac admins
who mean business.

🎛️
Visual Rule Builder

Browse and toggle mSCP security rules with a native SwiftUI interface. No YAML editing, no terminal. Just click what you want enforced.

📤
Profile Export

Export your configured baseline directly as MDM compatible configuration profile. One click from selection to deployment.

🍎
Multi-OS Support

Supports macOS Ventura, Sonoma, and Sequoia baselines — each with their own rule sets, severity levels.

🔍
Rule Details

Every rule shows its severity level, benchmark mapping, and a plain-English description of what it enforces and why it matters.

Native Swift Performance

Built entirely in Swift and SwiftUI — no Electron, no web views. Launches instantly, runs natively on Apple Silicon and Intel.

🆓
Free

Use the app as you please and adapt it for your own organisation's needs.

How it works

Three steps to a
production baseline.

01
Select your OS & baseline

Choose your target macOS version and a starting baseline — CIS Level 1, Level 2, or DISA STIG. mSBB loads the relevant rule set automatically.

Ventura 13 → CIS L1
42 rules loaded
02
Configure your rules

Toggle individual rules on or off. Filter by category, severity, or compliance framework. Every rule shows exactly what it sets and why.

audit/ → 6 enabled
auth/ → 12 enabled
03
Export & deploy

Export as a configuration profile ready for your MDM. Drop it straight into your MDM and assign to your device groups.

→ baseline.mobileconfig
→ Ready for deployment
System requirements

What you need.

macOS 13 Ventura or later
Apple Silicon or Intel Mac
No dependencies — fully self-contained
MDM Any MDM that accept configuration deployments
⬡ View on GitHub
Version history

Changelog.

v0.0.3
2026
Latest release.