Merge branch 'dev_ios16_readme' into ios_16

Author: robertgendler

CHANGELOG.adoc

@@ -0,0 +1,32 @@
+# Changelog
+
+This document provides a high-level view of the changes to the macOS Security Compliance Project.
+
+## [iOS 16, Revision 2.1] - 2025-06-XX
+* Rules
+  * bug fixes
+* Scripts
+  * generate_guidance
+    * bug fixes
+  * generate_scap
+    * bug fixes
+
+## [iOS 16, Revision 2.0] - 2024-04-24
+
+* Rules
+  * Modified Rules
+    * os_allow_contacts_read_managed_sources_unmanaged_destinations_disable
+    * os_application_allow_list
+    * os_disallow_enterprise_app_trust
+    * os_safari_cookies_set
+    * os_safari_force_fraud_warning_enable
+    * os_supervised_mdm_require
+    * os_untrusted_tls_disable
+    * pwpolicy_force_pin_enable
+* Supplemental
+    * supplemental_cis_manual
+    * supplemental_stig
+
+## [iOS 16, Revision 1.0] - 2023-09-21
+
+* Initial Public release

CHANGELOG.md

@@ -1,31 +1,31 @@
-== Contributing
+## Contributing
 
-=== Engage
-Contribute new content, share feedback and ask questions about resources in the repository using the https://github.com/usnistgov/macos_security/issues/new[Issues feature].
+### Engage
+Contribute new content, share feedback and ask questions about resources in the repository using the [Issues feature](https://github.com/usnistgov/macos_security/issues/new).
 
-=== Operating Rules
+### Operating Rules
 These operating rules describe and govern NIST’s management of this repository and contributors’ responsibilities. NIST reserves the right to modify this policy at any time.
 
-=== Criteria for Contributions and Feedback
-This is a moderated platform. NIST will only accept contributions that are contributed per the terms of the license file. Contributors may submit links or materials for hosting in the repository. Upon submission, materials will be public and considered publicly available information, unless noted in the license file. 
+### Criteria for Contributions and Feedback
+This is a moderated platform. NIST will only accept contributions that are contributed per the terms of the license file. Contributors may submit links or materials for hosting in the repository. Upon submission, materials will be public and considered publicly available information, unless noted in the license file.
 
-NIST reserves the right to reject, remove, or edit any contribution or feedback, including anything that: 
-* states or implies NIST endorsement of any entities, services, or products;  
-* is inaccurate;  
-* contains abusive or vulgar content, spam, hate speech, personal attacks, or similar content;  
-* is clearly "off topic"; 
+NIST reserves the right to reject, remove, or edit any contribution or feedback, including anything that:
+* states or implies NIST endorsement of any entities, services, or products;
+* is inaccurate;
+* contains abusive or vulgar content, spam, hate speech, personal attacks, or similar content;
+* is clearly "off topic";
 * makes unsupported accusations;
-* includes personally identifiable or business identifiable information according to Department of Commerce Office of Privacy and Open Government (http://www.osec.doc.gov/opog/privacy/PII_BII.html[guidelines]; or, 
+* includes personally identifiable or business identifiable information according to Department of Commerce Office of Privacy and Open Government [guidelines](http://www.osec.doc.gov/opog/privacy/PII_BII.html); or,
 * contains .exe or .jar file types.
 
 _These file types will not be hosted in the NIST repository; instead, NIST may link to these if hosted elsewhere._
 
-=== Contributor Responsibilities
+### Contributor Responsibilities
 NIST also reserves the right to reject or remove contributions from the repository if the contributor fails to carry out any of the following responsibilities:
 
 * following the contribution instructions;
 * responding to feedback from other repository users in a timely manner;
 * responding to NIST representatives in a timely manner;
 * keeping contributions and contributor GitHub username up to date
 
-*GitHub Help:* If you're having trouble with these instructions, and need more information about GitHub, pull requests, and issues, visit GitHub's Help https://help.github.com/categories/collaborating-with-issues-and-pull-requests/[page]. 
+**GitHub Help:** If you're having trouble with these instructions, and need more information about GitHub, pull requests, and issues, visit GitHub's Help [page](https://help.github.com/categories/collaborating-with-issues-and-pull-requests/).

CONTRIBUTING.adoc renamed to CONTRIBUTING.md

@@ -0,0 +1,52 @@
+![Alt text](templates/images/mscp_banner_outline.png)
+
+![Alt text](https://badgen.net/badge/icon/apple?icon=apple&label)
+![Alt text](https://badgen.net/badge/icon/16.0?icon=apple&label)
+
+> [!IMPORTANT]
+> We recommend working off of one of the OS branches, rather than the `main` branch.
+
+The macOS Security Compliance Project is an link:LICENSE.md[open source] effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, _Security and Privacy Controls for Information Systems and Organizations_, Revision 5. This is a joint project of federal operational IT Security staff from the National Institute of Standards and Technology (NIST), National Aeronautics and Space Administration (NASA), Defense Information Systems Agency (DISA), and Los Alamos National Laboratory (LANL).
+
+This project is the technical implementation of NIST Special Publication, 800-219 (Rev. 1) [Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)](https://csrc.nist.gov/pubs/sp/800/219/r1/final).  NIST Special Publication 800-219 is the official guidance from for automated secure configuration for macOS.
+
+Apple acknowledges the macOS Security Compliance Project with information on their [Platform Certifications](https://support.apple.com/guide/certifications/macos-security-compliance-project-apc322685bb2/web) page.
+
+This project can be used as a resource to easily create customized security baselines of technical security controls by leveraging a library of atomic actions which are mapped to the compliance requirements defined in NIST SP 800-53 (Rev. 5). It can also be used to develop customized guidance to meet the particular cybersecurity needs of any organization.
+
+To learn more about the project, please see the [wiki](https://github.com/usnistgov/macos_security/wiki).
+
+If you are interested in supporting the development of the project, refer to the [contributor guidance](CONTRIBUTING.md) for more information.
+
+## Usage
+
+Civilian agencies are to use the National Checklist Program as required by [NIST 800-70](https://csrc.nist.gov/publications/detail/sp/800-70/rev-4/final).
+
+> [!NOTE]
+> Part 39 of the Federal Acquisition Regulations, section 39.101 paragraph (c) states, “In acquiring information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of Standards and Technology’s website at https://checklists.nist.gov. Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated.”
+
+## Authors
+
+
+|||
+|----|----|
+|Bob Gendler|NIST|
+|Allen Golbig|Jamf
+|Dan Brodjieski|NASA
+|John Mahlman IV|Leidos
+|Aaron Kegerreis|DISA
+|Henry Stamerjohann|Zentral Pro Services GmbH
+|Marco A Piñeryo II|State Department
+|Jason Blake|NIST
+|Blair Heiserman|NIST
+|Joshua Glemza|NASA
+|Elyse Anderson|NASA
+|Gary Gapinski|NASA
+
+## Changelog
+
+Refer to the [CHANGELOG](CHANGELOG.md) for a complete list of changes.
+
+## NIST Disclaimer
+
+Any identification of commercial or open-source software in this document is done so purely in order to specify the methodology adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the software identified are necessarily the best available for the purpose.