| 1.1 Verify all Apple provided software is current | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Enable system data files and security update installs - 'ConfigDataInstall' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.4 Audit Security Keys Used With Apple Accounts | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.3 Restrict NTP server to loopback interface - interface ignore wildcard | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3.7 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.4 Set a screen corner to Start Screen Saver | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.2 Disable Internet Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.6 Disable DVD or CD Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.7 Disable Bluetooth Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - AppleFileServer | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - AutoSubmit | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Siri Opt-In | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Submission | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.8 Disable sending diagnostic and usage data to Apple | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Enable Secure Keyboard Entry in terminal.app | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Retain install.log for 365 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 5.1.2 Check System Wide Applications for appropriate permissions | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.2.8 Password History | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Display login window as name and password | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - SMB Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| AOSX-13-000065 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
