| 2.1.1.5 Audit Freeform Sync to iCloud | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L2 | MDM | ACCESS CONTROL |
| 2.4.6 Disable DVD or CD Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.18 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.25 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | SECURITY ASSESSMENT AND AUTHORIZATION |
| 5.3.2 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-14-010600 - Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012200 - Apple iOS/iPadOS 17 must implement the management setting: enable USB Restricted Mode. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-14-002062 The macOS system must disable Bluetooth when no approved device is connected. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-002064 The macOS system must enable Gatekeeper. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002100 The macOS system must disable Media Sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-002120 The macOS system must disable AppleID and Internet Account modifications. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002220 The macOS system must enforce on device dictation. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-003010 The macOS system must require a minimum password length of 14 characters. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-003060 The macOS system must require passwords contain a minimum of one lowercase character and one uppercase character. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000003 - The macOS system must enforce session lock no more than five seconds after screen saver is started. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-000024 - The macOS system must enforce SSH to display a policy banner. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-000051 - The macOS system must configure SSHD ClientAliveInterval to 900. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000052 - The macOS system must configure SSHD ClientAliveCountMax to 1. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000053 - The macOS system must set login grace time to 30. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000140 - The macOS system must set SSH Active Server Alive Maximum to 0. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000160 - The macOS system must enforce auto logout after 86400 seconds of inactivity. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-001012 - The macOS system must configure audit log files to be owned by root. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001029 - The macOS system must configure audit retention to seven days. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001031 - The macOS system must configure audit failure notification. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001044 - The macOS system must be configured to audit all authorization and authentication events. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-002001 - The macOS system must disable Server Message Block (SMB) sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-002003 - The macOS system must disable Network File System (NFS) service. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-002014 - The macOS system must disable iCloud Address Book. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002015 - The macOS system must disable iCloud Mail. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002037 - The macOS system must disable iCloud storage setup during Setup Assistant. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002068 - The macOS system must secure users' home folders. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002069 - The macOS system must require an administrator password to modify systemwide preferences. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-002120 - The macOS system must disable AppleID and internet Account Modification. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002180 - The macOS system must disable Find My service. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002200 - The macOS system must disable Personalized Advertising. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002220 - The macOS system must enforce On Device Dictation. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002240 - The macOS system must disable Printer Sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-003001 - The macOS system must issue or obtain public key certificates from an approved service provider. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-005070 - The macOS system must enable Authenticated Root. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-005120 - The macOS system must enable Recovery Lock. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000150 - The Cisco switch must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| JUNI-RT-000150 - The Juniper router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Enable Recovery Lock | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Monterey - Enable Recovery Lock | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
