| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.3 Ensure GDM session lock is enabled | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Debian 10 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.9 Ensure session idle-delay settings is enforced | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.14 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.14 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.4.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.31 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.9 (L1) Host must automatically deactivate shell services | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.9.1 Ensure 'If Lost, Return to...' Message is 'Configured' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.9.1 Ensure 'If Lost, Return to...' Message is 'Configured' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.5.5 Ensure default user shell timeout is configured | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.2.4 (L1) Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.5.4 Ensure default user shell timeout is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL |
| 5.6 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.12 Ensure Logging Is Enabled for Sudo | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 18.5.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
