| 1.7.2 Ensure 'Select cloud protection level' is set to Enabled: Moderate blocking level' or higher | CIS Microsoft Defender Antivirus v1.0.0 L1 Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.7.1 iCloud configuration | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 15.0 Sequoia v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 13.0 Ventura v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 26 Tahoe v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.1 Ensure EBS volume encryption is enabled in all regions | CIS Amazon Web Services Foundations v7.0.0 L1 | amazon_aws | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 8.1.8.1 Ensure That Microsoft Defender for Key Vault Is Set To 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 34.4 (L1) Ensure 'Disable Consumer Account State Content' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL |
| AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud). | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| ALMA-09-001120 - AlmaLinux OS 9 must automatically lock graphical user sessions after 15 minutes of inactivity. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-001230 - AlmaLinux OS 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-001890 - AlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-002000 - AlmaLinux OS 9 must be able to directly initiate a session lock for all connection types using smart card when the smart card is removed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-002990 - AlmaLinux OS 9 SSH client must be configured to use only encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-003320 - The AlmaLinux 9 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-003540 - The AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-003980 - AlmaLinux OS 9 must implement DOD-approved encryption in the OpenSSL package. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-004090 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-004750 - AlmaLinux OS 9 must automatically expire temporary accounts within 72 hours. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-006840 - AlmaLinux OS 9 must have the sudo package installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-006845 - AlmaLinux OS 9 must have the postfix package installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-007720 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-008600 - AlmaLinux OS 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-008710 - AlmaLinux OS 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-009480 - AlmaLinux OS 9 SSH daemon must not allow Kerberos authentication. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-009810 - AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011680 - AlmaLinux OS 9 must disable the kernel.core_pattern. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-012560 - All AlmaLinux OS 9 local files and directories must have a valid owner. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-012780 - AlmaLinux OS 9 /etc/group- file must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-012890 - AlmaLinux OS 9 /etc/group- file must have mode 0644 or less permissive to prevent unauthorized access. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-013550 - AlmaLinux OS 9 must disable the ability of systemd to spawn an interactive boot process. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014100 - AlmaLinux OS 9 /etc/gshadow file must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014210 - AlmaLinux OS 9 /etc/gshadow file must have mode 0000 or less permissive to prevent unauthorized access. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014650 - All AlmaLinux OS 9 local interactive user home directories defined in the /etc/passwd file must exist. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-015090 - All AlmaLinux OS 9 local interactive users must have a home directory assigned in the /etc/passwd file. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-015200 - Executable search paths within the initialization files of all local interactive AlmaLinux OS 9 users must only contain paths that resolve to the system default or the users home directory. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-015750 - AlmaLinux OS 9 must not allow blank or null passwords. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-016740 - AlmaLinux OS 9 /etc/shadow- file must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017950 - AlmaLinux OS 9 must not have unauthorized accounts. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
