While i was working with Jamf’s CIS Benchmark, Script and Configuration Profile Remediation tool, I had the feeling there was missing a overview with compleet reporting. You can find some info by the device record in Jamf, however this was only for the Non-compliant items.

To expand the Jamf Proffessional Services CIS for macOS Catalina - Script and Configuration Profile Remediation, I created the


  • This script is tested on macOS Big Sur 11.*
  • Make sure that the script has the correct permissions chmod +x
  • Reporting document will be stored in the folder “Reports” at the same location as the script.
  • When the script is done, the report will be opend in Numbers, Microsoft Excel or other prefered text editor of your choice.

Script must be run as root, or have root privileges

sudo ./

Reporting all or use organizational compliance scoring

The script reads the org_security_score.plist if present otherwise it creates a full report of the CIS Security State of the device. The CIS-Reporting script preformes a read-only report on the state, and doesn’t change anything.

Build-in option, the option to choose orgSecurityScore (0) or for reporting all (1), no need for an organizational compliance scoring to see the CIS Security State of your device.

# set to 0 for orgSecurityScore, 1 for reporting all

The result is a .csv file, including a remediation instructions and will be stored in the folder “Reports” at the same location as the script.