First steps with CIS benchmark macOS

Hi y'all,

For 2025 our security officer has a good new years resolutions: have a CIS benchmarks implemented!.

Guess who's tasked to figure this one: yes, me!

Our plan is to have every year, when a new version of macOS is released, an update of the CIS configuration for that specific new versions.

Any tools which can monitor and enforce these settings?

Sure, rollout very gradually, but any field experience you can share?

How heavy will our users be impacted?

Any other tips or ideas you are willing to share will be appropriated!

We are using Jamf Pro btw.