We are proud to announce that we are the driving force behind the development of NLMAPGOV. Together with a collective of government organisations, we have created this concrete tool to make macOS environments BIO2 compliant. As the architects of this set of measures, we are also the ideal partner to guide organisations through its implementation.

In 2024, we discussed how macOS compliance within the government is often a complex and time-consuming issue. Especially for organisations that must comply with the ISO27002-based BIO2 standard, there remained a gap between abstract policy and technical practice. The CIS Benchmark provided guidance, but lacked a direct link to the BIO. With the development of NLMAPGOV, we have now finally closed that gap.

What is BIO2?

BIO2 is the updated standards framework for information security within Dutch government organisations and replaces the previous BIO version. Since September 2025, BIO2 has been the formally ratified standard for the central government, municipalities, provinces and water boards. The standard is based on ISO/IEC 27002:2022 and guarantees the confidentiality, integrity and availability of information.
Because BIO2 is deliberately formulated in abstract terms (it determines what needs to be done, but not how), organisations face the challenge of translating it into demonstrable technical measures in macOS. With NLMAPGOV, Root3 offers the solution and substantiation needed by CISOs, auditors and management.

The NLMAPGOV-baselines

In early 2025, we took the lead in creating a set of technical measures that are optimally tailored to macOS. Months of intensive analysis, testing and collaboration have resulted in two baselines:

  • NLMAPGOV Base: A solid foundation for organisations that want to take control of their own security policy. It offers a powerful starting point for (large) organisations with their own security capacity to build towards full compliance.
  • NLMAPGOV Plus: A directly applicable, widely supported standard. This comprehensive set is based on recognised industry standards (NCSC, CIS, NIST) and Apple best practices. This reduces your dependence on individual interpretations and allows you to achieve demonstrable compliance more quickly.

NLMAPGOV is already being used in various government environments. We are extremely proud of this!

Built on a world-leading framework

NLMAPGOV was built by us on the macOS Security Compliance Project (mSCP), a leading international open source framework for developing, implementing and auditing security baselines on macOS. We actively collaborate within this international project. Based on our practical experience with the Dutch government, we make concrete contributions to the further development of mSCP. This unique combination of local government knowledge and international expertise ensures a technically sound approach that cannot be found anywhere else. What’s more, it is recognised by Apple as a reference framework for security compliance.

Future-proof compliance

NLMAPGOV is a dynamic tool. We continue to develop the baselines based on changes in BIO2 and new macOS releases. In addition, we are currently working on the baselines for iOS/iPadOS 26, so that soon the entire Apple ecosystem within the government will be covered by the same structured approach.

macOS compliance: from interpretation to implementation

With NLMAPGOV, we make macOS compliance simple and reproducible. The direct link between BIO2 requirements and technical configurations based on mSCP creates a clear framework that enables organisations to roll out faster and demonstrate that measures are correctly implemented.
The annual cycle of new Apple hardware and software can now be completed more quickly and in a controlled manner, without having to revisit the compliance debate each time.

Getting started with NLMAPGOV

Want to see what we’ve built right away? The complete baselines are publicly available via GitHub:

Here you can see exactly which measures are part of the baseline and how they are technically structured within the macOS Security Compliance Project.

Translation to your organisation

As architects at NLMAPGOV, we know exactly how these measures will fit into an existing environment. We perform a targeted gap analysis to determine where your macOS environment stands and what the impact of implementation will be.
We also ensure a phased rollout and integration with solutions such as MDM platforms and compliance tooling, so that your organisation has the right reports for auditors.

Getting started with NLMAPGOV

Schedule an introductory meeting or start immediately with a targeted gap analysis and discover how we can help your organisation accelerate its journey to BIO2 compliance.
Want to be BIO2 compliant too? Get in touch!