| 2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.30 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | |
| 2.10 Ensure Secure Keyboard Entry terminal.app is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| 2.15 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.15 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Implement Connection Delays to Limit Failed Login Attempts | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 Database | MySQLDB | ACCESS CONTROL |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Ensure 'maxAllowedContentLength' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - fs.suid_dumpable | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - whoopsie | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Set SSL Override Behavior | CIS Mozilla Firefox 38 ESR Linux L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Ensure 'local_infile' Is Disabled | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure 'log_error' is configured correctly | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure 'log_error' is configured correctly | CIS MySQL 8.4 Enterprise v1.0.0 L1 Database | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure 'log_error' Is Not Empty | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.4.1 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.4.1 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.8 Ensure 'audit_log_policy' is Set to 'LOGINS' | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| GOOG-09-002300 - Google Android Pie must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the products Common Criteria evaluation. | AirWatch - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| KNOX-07-003300 - The Samsung must be configured to disable authentication mechanisms providing user access to protected data - Password | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-002300 - Zebra Android 10 must be configured to disable trust agents - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-002300 - Zebra Android 10 must be configured to disable trust agents - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | AirWatch - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
