MACE
M.A.C.E. (Mac Advanced Compliance Editor) is a modern macOS app to simplify compliance baseline creation, auditing, and management using NIST's mSCP 2.0
Install / Use
/learn @MACE-App/MACEREADME
Contents
- About
- Why MACE?
- Quick Start
- Screenshots
- Features
- Build Capabilities
- Documentation Hub
- Audit & Verification
- Import & Integration
- Status
- Upcoming Features
- Community & Feedback
- Credits
About
M.A.C.E. (macOS Advanced Compliance Editor) is a native macOS app that simplifies compliance baseline creation, customization, auditing, and deployment using NIST's mSCP 2.0.
The problem: Compliance folks need better tools. The mSCP project is fantastic, but for those of us who are less command-line savvy, customizing baselines can be intimidating. We needed something that makes compliance simple and customizable — without requiring scripting knowledge.
The solution: M.A.C.E. fills that gap. This is my first app, and I have a lot to learn, but I'm building what I've needed for years: a tool that puts powerful compliance capabilities in a visual, approachable interface. The community decides where it goes next.
Built for:
- macOS Security Administrators
- Compliance Officers & IT Audit Teams
- MDM Administrators (Jamf, Workspace ONE, Intune)
- Government & Enterprise Security Teams
Why MACE?
| | | |---|---| | No command line required | Visual interface for creating and managing compliance baselines | | Native macOS app | Built with SwiftUI for a fast, responsive experience | | Dual build engines | Native MACE engine and official mSCP Python scripts | | All-in-one workflow | Create, customize, audit, document, and export from a single app | | MDM-ready exports | Generate deployment-ready profiles for Jamf, Workspace ONE, Intune, and more | | Direct MDM upload | Upload profiles, scripts, and extension attributes straight to Jamf Pro, Workspace ONE, or Intune | | Free & open source | Community-driven development with no licensing fees |
Quick Start
- Download the latest release
- Create a new project and select your compliance framework
- Customize rules to fit your organization's needs
- Build scripts and configuration profiles for deployment
- Audit your Mac and export compliance reports
Screenshots
<table> <tr> <td align="center"> <img src=".github/images/main-menu.webp" alt="MACE Main Menu" width="420" /> <p align="center"><em>Main menu & project dashboard</em></p> </td> <td align="center"> <img src=".github/images/compliance-hub.webp" alt="MACE Compliance Hub" width="420" /> <p align="center"><em>Compliance editor & rule hub</em></p> </td> </tr> <tr> <td align="center"> <img src=".github/images/build-hub.webp" alt="MACE Build Hub" width="420" /> <p align="center"><em>Build hub & artifact generation</em></p> </td> <td align="center"> <img src=".github/images/audit-hub.webp" alt="MACE Audit Hub" width="420" /> <p align="center"><em>Audit results & compliance dashboard</em></p> </td> </tr> <tr> <td align="center"> <img src=".github/images/documentation-hub.webp" alt="MACE Documentation Hub" width="420" /> <p align="center"><em>Documentation generation options</em></p> </td> <td align="center"> <img src=".github/images/rule-builder.webp" alt="MACE Rule Builder" width="420" /> <p align="center"><em>Rule builder with YAML preview</em></p> </td> </tr> </table>Audit Output Examples
View sample audit outputs generated by M.A.C.E.:
Features
Project Management
<p align="center"> <img src=".github/images/new-project-wizard.webp" alt="MACE New Project Wizard" width="500" /> </p> <p align="center"><em>New project wizard — select platform, version, and compliance framework</em></p>- Create compliance projects for macOS, iOS/iPadOS, and visionOS
- Open and manage existing projects (
.macefile format) - Import Jamf Compliance Editor (
.jce) files with auto-detected platform, version, and framework - Import mSCP 1.0 baselines
- Duplicate existing projects
- Recent projects list for quick access
- Platform and compliance framework selection wizard
- Automatic project saving with unsaved changes detection
Compliance Editor
- Three-panel interface: Sections sidebar, searchable rule list, and detailed editor
- Browse 500+ security rules organized by section
- Search, filter, and sort by:
- Compliance framework (STIG, CIS, NIST, etc.)
- Section/category
- Tags and metadata
- Modification status (modified vs. baseline)
- Enabled/disabled status
- Sort modes: Title, Rule ID, Section, Included status, Modified status, or STIG/CIS ID (ascending/descending)
- "Show All" mode to view all available rules regardless of framework
- Hide disabled rules toggle
- Search within rule details across all fields
- Keyboard shortcuts for power users (Space bar to toggle rules)
Rule Editing
- Edit all rule fields:
- Discussion, check criteria, and remediation instructions
- References and citations (NIST, DISA, CIS)
- Tags and metadata
- Mobile configuration payloads
- DDM (Declarative Device Management) declarations
- Organizational Defined Values (ODVs) with type hints, validation, and constraints
- Shell scripts for fixes
- Platform compatibility
- Disable/enable rules with custom justification text
- Include/exclude rules from baselines
- Flag rules for review with comments
- Track customizations with visual modification indicators and color-coded status
- Side-by-side comparison: baseline vs. custom rule versions
- Automatic YAML structure preservation
Rule Builder
- Create custom security rules from templates
- Edit standalone rule YAML files
- Full validation of rule ID and structure
- Section/category assignment, tags, references, mobileconfig, DDM, and ODV support
Rule Updates
<p align="center"> <img src=".github/images/rule-updates.webp" alt="MACE Rule Updates" width="700" /> </p> <p align="center"><em>Rule update detection with change summary</em></p>- Check for rule updates from the mSCP repository
- Detect updated, new, and removed rules with detailed change reports
- Auto-download latest rules from GitHub on app launch (configurable)
- Batch update management with framework filtering
Settings & Appearance
<p align="center"> <img src=".github/images/settings.webp" alt="MACE Settings" width="400" /> </p> <p align="center"><em>Settings — general, appearance, and advanced options</em></p>- Light, Dark, and System theme support
- 13+ seasonal and holiday app icons (automatically switch by date)
- Auto-save functionality
- Display settings memory (remember preferences across all hubs)
- Release channel selection: Alpha, Beta, Stable
- Application logging console with real-time logs, export, and log levels
- Advanced options: clear cache, reset Python/Ruby environments, open data folder
Build Capabilities
Script Generation
| Output | Description | |--------|-------------| | Audit Scripts | Shell scripts for compliance checking | | Remediation Scripts | Shell scripts to fix non-compliant settings | | Extension Attributes | Scripts for Jamf Pro and other MDMs |
Configuration Profiles
| Format | Use Case |
|--------|----------|
| .mobileconfig | Apple Configuration Profiles (combined or individual) |
| Plist | Jamf Pro Custom Settings |
| XML | Microsoft Intune |
| Signed Profiles | Digital signature support with certificate verification |
Declarative Device Management (DDM)
- Generate DDM declarations and artifacts
- Support for Apple's modern management APIs
- Service path configuration for system services
Artifact Formats
| Format | Description |
|--------|-------------|
| Shell Scripts | Combined or individual audit/remediation scripts |
| .mobileconfig | Combined or individual Apple Configuration Profiles |
| DDM JSON | Declarative Device Management declarations |
| Plist / XML | Jamf Pro and Intune configuration formats |
| Excel / CSV | Spreadsheet export for analysis |
| Audit Plist | Audit preference files for system scanning |
| Baseline YAML | Updated baseline file |
| README | Auto-generated build information |
Build Engines
- M.A.C.E. Build Engine: Native Swift engine with full customization and advanced output options
- mSCP Build Engine: Official NIST Python scripts with real-time output monitoring and progress tracking
