Facebook will take down our app because we don't install antivirus on macOS
twitter.comSo install anti-virus software on the Macs? I'm not seeing the issue.
The full story didn't fit in the title.
They want evidence of the antivirus updates for our macbooks being centrally managed by some tool (quote-unquote: WSUS). I get this is how some enterprises operate, but for our small shop we're talking a handful of macbooks that have access to even anything. And even so the people who operate those are contractually obligated to run a very tight ship (encrypted disks, auto updates (which includes XProtect, apple's native antivirus so to speak), 2FA on all services, etc), tunnelling on unprotected wifi, etc.
We sent evidence of all of this. But they really want centrally managed antivirus for our macbooks.
ClamAV is free and acceptable for SOC2
We do run that on our Linux servers. For macbooks, ClamAV makes very little sense. Besides, they mandate we centrally manage that, too.
SOC2 compliance requires AV on Mac too
not sure why you think it is unnecessary, generally speaking
The choice is not hard, either install AV or get removed. You're not going to change their policy
The actual requirement is not: a centralized console where macOS antivirus updates are pushed to all user devices.
We take security very seriously but this is not the way.