Smplify Logo
    macOS Security Compliance Project logo

    mSCP 2.0 + AI Ready

    Easily Add Apple
    Device Compliance
    to Your Product

    Smplify is API-first MDM infrastructure built from the ground up for platform builders. Pair it with mSCP 2.0 and AI, and you get a real compliance execution layer — ready to ship.

    Bob Gendler of NIST — the lead architect of the macOS Security Compliance Project (mSCP) — invited Smplify to the 2026 mSCP Developer Day to share how developers can build and extend mSCP 2.0. Artifacts from the session:

    View the compliance reportRead the live demo session

    Replace Months of Infrastructure Work
    with One API Call

    An experienced Mac admin working with mSCP and a configured MDM platform may require 2–3 days to implement compliance across a fleet. For anyone with less experience, it could take far longer.

    Smplify compresses that into a single API call.

    See the full breakdown

    Supported baselines

    NISTDISA STIGCMMCCISCNSSIBIO (Netherlands)
    policies.create.js
    // Enforce an mSCP 2.0 NIST Baseline across an entire tenant fleet
const smplify = require('@smplify/node')('sk_live_2026_prod');

await smplify.policies.create({
  tenant_id: 'tenant_enterprise_delta_9',
  platform: 'macos',
  engine: 'ddm',
  framework: 'mscp_2.0',
  baseline: 'nist_800_53_rev5_required',
  enforcement: 'strict'
});
    Read the SDK reference

    Full Compliance CLI, Included

    The Smplify CLI has compliance workflows built in. When paired with Claude Code, it functions as a native AI skill, reducing token usage by over 60%.

    What your customers get:

    • Guided compliance workflows
    • mSCP 2.0 ready
    • A more token-efficient path than the MCP server alone

    You Could Build This Yourself

    What you’re signing up for
    • Low-level protocol work. Apple’s DDM isn’t a simple REST wrapper. Mapping plist structures, XML profiles, and payload schemas is deep, specialized work — before you’ve written a line of product code.
    • A permanent maintenance commitment. Apple updates MDM behaviors on their schedule. Once you build it, someone owns it indefinitely. Engineering capacity that should be building your product.
    • The mSCP translation problem. Bridging mSCP 2.0 YAML baselines to your MDM layer is a project in itself — unless your infrastructure was designed for it from the start.
    • Compliance expertise is a discipline. NIST 800-53, DISA STIG, CIS — getting these wrong is measured in audit failures, not just bugs.
    The Smplify alternative
    • API-first by design. Every capability is a clean API call. Your engineers build product, not plumbing.
    • mSCP 2.0 native. YAML baselines map directly to deployable policies. No manual translation.
    • AI and MCP server ready. Real data, real schemas, real enforcement. No retrofitting required.
    • Schema-validated profiles, not approximations. mSCP 2.0’s structured YAML gives our MCP server exact source data to work from. Every profile it builds is deployable — not theoretical.
    • Apple DDM native. Supported natively across the entire Apple device ecosystem. One infrastructure layer from day one.
    • Your product stays yours. Smplify is infrastructure — not a dashboard your customers will see, not a competing product.

    Stop Building Plumbing
    Start Shipping Product

    If your product needs native device compliance, you have two options: spend months (maybe years) building it yourself, or embed Smplify and ship it in days. Your team, your codebase, your product — we’re just the infrastructure underneath.