| 1.3 Enable app update installs | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.4 Ensure Installation of App Update Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.9 Pair the remote control infrared receiver if enabled | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.2.1.14 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.15 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.15 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.16 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.2 Ensure device is not obviously jailbroken or compromised | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure device is not obviously jailbroken or compromised | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure device is not obviously jailbroken or compromised | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | SYSTEM AND SERVICES ACQUISITION |
| 5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AIOS-15-014600 - Apple iOS/iPadOS 15 must disable copy/paste of data from managed to unmanaged applications. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-714600 - Apple iOS/iPadOS 16 must disable copy/paste of data from managed to unmanaged applications. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-714600 - Apple iOS/iPadOS 17 must disable copy/paste of data from managed to unmanaged applications. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-005058 - The macOS system must disable Handoff. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SHPT-00-000600 - SharePoint managed service accounts must be set to enable automatic password change. | DISA STIG SharePoint 2010 v1r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Central Administration is a separate App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to diff App Pools | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - No Applications assigned to Default App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
