Hi All, Yes! I completely agree with Josh, on the usage configuration profiles. Being the XMLformatted content of these files can be easily parsedtofetch the composed policies values, to develop the SCAP OVALl definitions, using available '< xmlfilecontent_test >' or '< plist510_test >' probesfor better assessment. And also, as these files can be easily deployed with customized values as per user's choice. Either by * By physically connecting the device * In an email message * On a webpage * Using over-the air configuration as described in this document so I thinkitwill be of great use in remediation part as well. _______________________________________________________________________________________ In supportive to Josh, I have attached few Profile files, that were developed to address the Apple iOS Hardening Checklists by The University Of Texas at Austin. FMI : https://wikis.utexas.edu/display/ISO/Apple+iOS+Hardening+Checklist https://wikis.utexas.edu/display/ISO/iOS+Configuration+Profiles -- Thanks !! Prabhu S A http://www.scaprepo.com On 05/31/2013 02:50 AM, Josh Wisenbaker wrote:

Hi all,

I think that from an audit and remediation standpoint things can be greatly simplified by using Configuration Profiles.

You can easily get a XML formatted list of the composited policies that are on the Mac and you can easily apply settings by installing a profile. Using the policy mechanisms in OS X is highly recommended over messing with files.

As an example here is a profile I made that implements all of the settings for the initial loginwindow tickets that are in the tracker.

This profile allows for removal without authentication so it's easy to test with.

Thoughts? Josh

-- Josh Wisenbaker Consulting Engineer - Apple U.S. Commercial and Governmental Sales dubs@apple.com <mailto:dubs@apple.com>

_______________________________________________ SCAP-On-Apple-Dev mailing list SCAP-On-Apple-Dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/scap-on-apple-dev