| 1.1.3.7 Ensure require encryption for 3rd party endpoints (SIP/H.323) is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.4.2 Ensure automatic recording is set to 'Record in the Cloud' | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.9 Ensure IP address access control is set to organization approved ranges | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.12 Ensure allow recovery of deleted cloud recordings from trash is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.1.1.2 Audit iCloud Drive | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.2 Audit iCloud Drive | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.22.2 Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL |
| 2.6.1 iCloud configuration | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.6.1.2 Audit iCloud Drive | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.8 Ensure that On-Premise SharePoint servers is configured without OneDrive redirection linkages. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Ensure that On-Premise SharePoint servers is configured without OneDrive redirection linkages. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.1.1 Ensure only MFA enabled identities can access privileged Virtual Machine | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.1.1 Ensure Image Vulnerability Scanning is enabled | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | RISK ASSESSMENT |
| 5.1.1 Ensure Image Vulnerability Scanning is enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | RISK ASSESSMENT |
| 5.3.1 Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.2 Consider external secret storage | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 9.1.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | INCIDENT RESPONSE |
| 18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.4.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.52.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.52.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.40.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.40.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.42.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.5.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 22.31 (L2) Ensure 'Remote Encryption Protection Aggressiveness' is set to 'Medium' or higher | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-12-004300 - Apple iOS must not allow backup to remote systems (iCloud Keychain). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004300 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain). | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-707400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AOSX-14-002049 - The macOS system must disable Cloud Document Sync. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000038 - Pocket must be disabled. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000038 - Pocket must be disabled. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000038 - Pocket must be disabled. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| MS.AAD.3.7v1 - Managed devices SHOULD be required for authentication. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| WN10-CC-000390 - Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
