Forum Discussion
Compliance project for Android?
Hi all,
For Apple (iOS/MacOS ) we use the macos security compliance project tooling (https://github.com/usnistgov/macos_security#readme) for mapping compliance guidelines. A short summary:
The macOS Security Compliance Project (mSCP) is an open‑source framework that provides automated, customizable security guidance and baselines for macOS, producing documentation, audit checklists, configuration profiles, and remediation scripts.
It supports major security standards, including NIST SP 800‑53, NIST SP 800‑171, DISA STIG, CNSSI 1253, CIS Benchmarks, CIS Critical Security Controls v8, CMMC 2.0 Levels 1–2, and the Netherlands BIO baseline.
I haven't found such a project for Android, as anyone aware of such a project that maps security guidelines to available API's for Android Enterprise?
Michel
2 Replies
You have STIG for Android.
Android 16 STIG is now live! | Android Enterprise and ChromeOS Customer Communities - 13166
I'm aware of that one, but its very much focussed on defense grade security. And thats a bit much for average companies, companies who comply to NIS2 or regular government offices.
I think we all could benefit from more benchmarks being written down like the STIG version. For apple we can use all of these as a started point, which is very helpfull:
