So install anti-virus software on the Macs? I'm not seeing the issue.
verdverm•7mo ago
ClamAV is free and acceptable for SOC2
kvz•7mo ago
We do run that on our Linux servers. For macbooks, ClamAV makes very little sense. Besides, they mandate we centrally manage that, too.
verdverm•7mo ago
SOC2 compliance requires AV on Mac too
not sure why you think it is unnecessary, generally speaking
The choice is not hard, either install AV or get removed. You're not going to change their policy
kvz•7mo ago
The actual requirement is not: a centralized console where macOS antivirus updates are pushed to all user devices.
We take security very seriously but this is not the way.
kvz•7mo ago
The full story didn't fit in the title.
They want evidence of the antivirus updates for our macbooks being centrally managed by some tool (quote-unquote: WSUS). I get this is how some enterprises operate, but for our small shop we're talking a handful of macbooks that have access to even anything. And even so the people who operate those are contractually obligated to run a very tight ship (encrypted disks, auto updates (which includes XProtect, apple's native antivirus so to speak), 2FA on all services, etc), tunnelling on unprotected wifi, etc.
We sent evidence of all of this. But they really want centrally managed antivirus for our macbooks.
gumboshoes•7mo ago
verdverm•7mo ago
kvz•7mo ago
verdverm•7mo ago
not sure why you think it is unnecessary, generally speaking
The choice is not hard, either install AV or get removed. You're not going to change their policy
kvz•7mo ago
We take security very seriously but this is not the way.
kvz•7mo ago
They want evidence of the antivirus updates for our macbooks being centrally managed by some tool (quote-unquote: WSUS). I get this is how some enterprises operate, but for our small shop we're talking a handful of macbooks that have access to even anything. And even so the people who operate those are contractually obligated to run a very tight ship (encrypted disks, auto updates (which includes XProtect, apple's native antivirus so to speak), 2FA on all services, etc), tunnelling on unprotected wifi, etc.
We sent evidence of all of this. But they really want centrally managed antivirus for our macbooks.