U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-179 1.0 Checklist Details (Checklist Revisions)

Checklist Highlights

Checklist Name:
NIST SP 800-179
Checklist ID:
Review Status:
Governmental Authority: NIST, Computer Security Division
Original Publication Date:

Checklist Summary:

This publication assists IT professionals in securing Apple OS X 10.10 desktop and laptop systems within various environments. It provides detailed information about the security features of OS X 10.10 and security configuration guidelines. The publication recommends and explains tested, secure settings with the objective of simplifying the administrative burden of improving the security of OS X 10.10 systems in three types of environments: Standalone, Managed, and Specialized Security-Limited Functionality.

Checklist Role:

  • Operating System

Known Issues:

See the project’s GitHub page for solutions to known issues: https://github.com/usnistgov/applesec

Target Audience:

This document has been created for IT professionals, particularly system administrators and information security personnel (security managers, engineers, administrators, etc.) who are responsible for securing or maintaining the security of OS X 10.10 systems. Auditors and others who need to assess the security of systems may also find this publication useful. The document assumes that the reader has experience installing and administering OS X-based systems. The document discusses various OS X 10.10 security settings in technical detail.

Target Operational Environment:

  • Standalone
  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

The security baselines were only tested on Apple OS X 10.10.

Regulatory Compliance:

FISMA with NIST SP 800-53 mapping


Perform a full backup of the system and data before applying the security baseline.


Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. NIST would appreciate acknowledgement if the document and baselines are used.

Product Support:

Not provided.

Point of Contact:



Not provided.


This data was developed by employees of the National Institute of Standards and Technology (NIST), an agency of the Federal Government. Pursuant to title 15 United States Code Section 105, works of NIST employees are not subject to copyright protection in the United States and are considered to be in the public domain.

Change History:

Corrected link - 05/15/2017
Corrected SHA error - 3/1/2018
Updated reference per NIST - 6/27/22
updated SHA - 7/18/2022
updated redirecting URL - 7/25/23


URL Description


Reference URL Description

NIST checklist record last modified on 07/25/2023