| 2.1.1.4 Audit Security Keys Used With Apple Accounts | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.3 Secure Backup Credentials | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Disaster Recovery (DR) Plan | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | CONTINGENCY PLANNING |
| 2.2 Dedicate the Machine Running MariaDB | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - AutoSubmit | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Siri Opt-In | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Submission | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6 Ensure 'password_lifetime' is Less Than or Equal to '365' | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.7.1 iCloud configuration | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Enable Auditing of Incoming Network Connections | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Create network specific locations | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 4.4 Enable Auditing of Process and Privilege Events | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Harden Usage for 'local_infile' on MariaDB Clients | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.7 Ensure the 'secure_file_priv' is Configured Correctly | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 5.4 Automatically lock the login keychain for inactivity | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.13 Create a Login window banner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 5.16 Secure individual keychain and items | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 5.17 Create specialized keychains for different purposes | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 6.1 Ensure 'log_error' is configured correctly | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files are Stored on a Non-System Partition | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.4 Safari disable Internet Plugins for global use | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Ensure the Audit Plugin Can't be Unloaded | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Disable use of the mysql_old_password plugin | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure strong authentication is utilized for all accounts | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 7.4 Ensure Password Complexity Policies are in Place | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 7.5 Ensure No Users Have Wildcard Hostnames | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 7.9 Apple ID password reset | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.11 App Store Password Settings | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES' | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Ensure Replication Traffic is Secured | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-13-000142 - The macOS system must be configured to disable the Network File System (NFS) lock daemon unless it is required. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
