Noah Pettit | September 26, 2017

Secure Your macOS and iOS Devices Against CIS Compliance

Security and compliance go hand-in-hand. Even if you are not one of the many businesses that are forced to comply with a federal or industry compliance framework, that doesn't mean you shouldn't still do so.

Introduction

Security is of primary importance to anybody involved in the management of end-user devices. Every company in every industry needs to ensure that their devices are secure, but for some, compliance with security standards is legally mandated. Industries that retain sensitive or confidential information, such as healthcare, finance, government, retail, and eCommerce, have to conform to standards that include HIPAA, FISMA, PCI, SOC 2, ISO 27001, and CIS, among others. These regulatory requirements must be met within these industries, and the IT department must ensure it is done correctly.

CIS to the Rescue

With mounting urgency to stay on top of these regulations amid the explosion of Macs and other Apple devices penetrating the workforce—not to mention the increasing sophistication of today’s cyber-threats—IT professionals everywhere are scrambling to find a tailored solution. Fortunately, the Center for Internet Security (CIS) has developed points of reference (benchmarks) that can be leveraged to ensure security compliance for macOS and iOS devices. The CIS was established to provide the IT community with best practices in order to help protect the organizations they serve from malicious online attacks. The CIS is a not-for-profit, independent body comprised of an international community of cyber security professionals who are dedicated to safeguarding systems, networks, and software against the kinds of insidious threats we are seeing today. Their benchmarks are essentially configuration blueprints for scores of platforms and technologies—and best of all, they’re free. These configurations provide comprehensive examples of exactly how to keep iOS and macOS devices secure. Some of the steps the CIS suggests include:
  • Turning on FileVault (an encryption tool that is built into every Apple device)
  • Enforcing Gatekeeper (an anti-malware tool)
  • Disabling print sharing
  • Enabling Firewall Stealth Mode
  • And more (view CIS website)
Each of these benchmarks can be enabled or disabled according to regulatory needs.

Using Jamf Pro for Enforcement & Remediation

Automating the process is also possible using an MDM (mobile device management) solution, such as Jamf Pro. Using the Jamf Pro platform as a launching pad, IT admins can define security policies and deploy them across the environment to enforce rules and report on their controls without actually touching the end user’s device. Through the MDM, controls can be built into your systems and deployed centrally to your iOS and Mac devices. These could include:
  • Password enforcement
  • Restricting access to specific URLs, personal cloud services, or features like the built-in camera
  • Blocking malicious applications
  • Encryption reporting
Taking it one step further, IT admins can leverage scripts to make the application of CIS best practices easy to deploy across your entire inventory of devices, or to a subset. Once the scripts are implemented, IT applies the appropriate security controls and can schedule compliance checks and remediation to run automatically. To learn more about CIS benchmarks and how to apply them in your environment, call Interlaced today.
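As an illustration of the kind of compliance-check script described above, here is an added example (not Interlaced's or Jamf's own code) that audits the four settings listed earlier: FileVault, Gatekeeper, print sharing, and firewall stealth mode. The function names are hypothetical, and the output strings matched for each macOS command are assumptions about typical output that should be confirmed on your OS version.

```shell
#!/bin/sh
# Added example: audit four CIS-style macOS settings from command output.
# Each check_* function takes the captured output of its command as $1 and
# returns 0 (compliant) or 1 (finding), so the logic can be tested offline.

check_filevault() {      # input: output of `fdesetup status`
    case "$1" in *"FileVault is On"*) return 0 ;; esac
    return 1
}

check_gatekeeper() {     # input: output of `spctl --status`
    case "$1" in *"assessments enabled"*) return 0 ;; esac
    return 1
}

check_print_sharing() {  # input: output of `cupsctl`; sharing must be off
    printf '%s\n' "$1" | grep -q '^_share_printers=0$'
}

check_stealth() {        # input: output of `socketfilterfw --getstealthmode`
    # Assumption: wording varies by release; accept either known phrasing.
    printf '%s\n' "$1" | grep -Eiq 'stealth mode (is on|enabled)'
}

# Print one PASS/FAIL line per control; exit status is the number of findings.
audit() {                # $1..$4: command outputs in the order above
    fails=0
    for pair in "filevault:$1" "gatekeeper:$2" "print_sharing:$3" "stealth:$4"; do
        name=${pair%%:*}
        if "check_$name" "${pair#*:}"; then
            echo "PASS $name"
        else
            echo "FAIL $name"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# On a Mac, collect the real outputs; on any other system this is skipped.
if [ "$(uname -s)" = "Darwin" ]; then
    audit "$(fdesetup status 2>&1)" "$(spctl --status 2>&1)" \
          "$(cupsctl 2>&1)" \
          "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode 2>&1)" \
        || echo "findings: $?"
fi
```

A script like this only reports; remediation would be a separate policy that runs when the exit status is non-zero.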


Currently serving as a Vice President at Interlaced, Noah is a brand visionary and growth guru, tightly integrating various aspects of our company culture.
