| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.1.1.5 Audit Freeform Sync to iCloud | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.9 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L2 | MDM | ACCESS CONTROL |
| 2.4.6 Disable DVD or CD Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.17 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.17 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.18 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.21 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.21 Ensure 'Allow Handoff' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.25 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.2.1.25 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | SECURITY ASSESSMENT AND AUTHORIZATION |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| AIOS-17-012200 - Apple iOS/iPadOS 17 must implement the management setting: enable USB Restricted Mode. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-14-000003 The macOS system must enforce session lock no more than five seconds after screen saver is started. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-000005 The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-000007 The macOS system must disable hot corners. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-000054 The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001017 The macOS system must configure audit log folders to mode 700 or less permissive. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001021 The macOS system must be configured to audit all changes of object attributes. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-14-001110 The macOS system must configure audit_control group to wheel. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001120 The macOS system must configure audit_control owner to root. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001150 The macOS system must disable password authentication for SSH. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-14-002003 The macOS system must disable Network File System service. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-002006 The macOS system must disable Unix-to-Unix Copy Protocol service. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-002008 The macOS system must disable the built-in web server. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-002017 The macOS system must disable the camera. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002041 The macOS system must disable iCloud Document synchronization. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002043 The macOS system must disable iCloud Photo Library. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002053 The macOS system must disable the system settings pane for Siri. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002170 The macOS system must disable iCloud Private Relay. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002200 The macOS system must disable personalized advertising. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002250 The macOS system must disable Remote Management. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002270 The macOS system must disable the iCloud Freeform services. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-003011 The macOS system must require passwords contain a minimum of one special character. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-003020 The macOS system must enforce smart card authentication. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-004050 The macOS system must configure install.log retention to 365. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-005052 The macOS system must configure login window to prompt for username and password. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-005052 - The macOS system must configure the login window to prompt for username and password. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-005054 - The macOS system must disable the TouchID prompt during Setup Assistant. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| JUSX-DM-000147 - For nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configure SSHv2 Message Authentication Code (MAC) algorithms to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
