WOMBAT

WOMBAT (Workspace ONE macOS Baselines Authoring Tool) is a macOS application designed to help organisations deploy over 200 security configuration standards for Apple devices within their Workspace ONE UEM environment.

What It Does

WOMBAT bridges the gap between security compliance frameworks and Workspace ONE UEM deployment. Rather than manually translating CIS benchmarks, NIST guidelines, or organisational security policies into MDM profiles, WOMBAT automates the entire process - from baseline selection through to profile generation and deployment.

Key Features

• 200+ security baselines - Pre-built configuration standards aligned with major compliance frameworks including CIS, NIST, and DISA STIG
• Visual authoring - A native macOS interface for browsing, customising, and combining security baselines without touching XML or JSON
• Workspace ONE integration - Direct deployment to Workspace ONE UEM environments, generating properly formatted profiles ready for assignment
• macOS Security Compliance Project alignment - Built on the foundations of the open-source macOS Security Compliance Project (mSCP), extending its standards into enterprise-ready UEM configurations
• Customisation - Override individual settings, create organisation-specific baselines, and layer policies for different device groups
• Export & audit - Full export of selected baselines for documentation, compliance audits, and change management

Why It Exists

Deploying security baselines to macOS fleets at scale is tedious and error-prone. Most organisations either under-configure their devices or spend weeks manually building profiles. WOMBAT reduces that to minutes - pick your compliance framework, customise where needed, and deploy directly to your UEM environment.

Built With

A personal project developed in collaboration with the macOS Security Compliance Project community and tested by MacAdmins across enterprise environments.