| 2.2.21 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.8.1.2 Ensure Sleep and Display Sleep Is Enabled on Apple Silicon Devices | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.1.2 Ensure Sleep and Display Sleep Is Enabled on Apple Silicon Devices | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.2.1.14 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Ensure that, if applicable, SELinux security options are set | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 Ensure 'Configure Windows NTP Client' is set to 'Enabled: NT5DS' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 Ensure 'Configure Windows NTP Client' is set to 'Enabled: NT5DS' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.42 Ensure 'Operating System is maintained at a supported servicing level' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.56 Ensure 'Separate NSA-approved (Type 1) cryptography is used' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.56 Ensure 'Separate NSA-approved (Type 1) cryptography is used' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-02-080013 - Apple iOS must be configured to disable Touch ID. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-02-080013 - Apple iOS must be configured to disable Touch ID. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-12-001000 - Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-12-001000 - Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-15-011900 - Apple iOS/iPadOS 15 users must complete required training. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011900 - Apple iOS/iPadOS 15 users must complete required training. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-711900 - Apple iOS/iPadOS 16 users must complete required training. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-011900 - Apple iOS/iPadOS 17 users must complete required training. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-711900 - Apple iOS/iPadOS 17 users must complete required training. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Enable Recovery Lock | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL |
| Big Sur - Enable Recovery Lock | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL |
| Big Sur - Enable Recovery Lock | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Catalina - Configure Apple System Log Files To Mode 640 or Less Permissive | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Apple System Log Files To Mode 640 or Less Permissive | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EX13-CA-000010 - Exchange must use Encryption for OWA access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-002910 - Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| Turn on e-mail scanning | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on e-mail scanning | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000027 - Microsoft Defender AV must be configured to turn on e-mail scanning. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
