| 1.1 Ensure All Apple-provided Software Is Current | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled - CriticalUpdateInstall | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.96 APPL-14-002080 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.150 APPL-14-005080 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure the Time Service Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure the Time Service Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure the Time Service Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure the Time Service Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.2.2 Ensure Content Caching Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure Content Caching Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure Content Caching Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure Content Caching Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 13.0 Ventura v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 15.0 Sequoia v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 14.0 Sonoma v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 26 Tahoe v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.3.8 Ensure Content Caching Is Disabled | CIS Apple macOS 14.0 Sonoma v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3.8 Ensure Content Caching Is Disabled | CIS Apple macOS 15.0 Sequoia v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3.8 Ensure Content Caching Is Disabled | CIS Apple macOS 26 Tahoe v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3.9 Ensure Content Caching Is Disabled | CIS Apple macOS 13.0 Ventura v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.10 Ensure Content Caching Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - valid | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.1.3 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.3 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.3 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.3 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 15.0 Sequoia v2.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 26 Tahoe v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-12-012200 - Apple iOS users must complete required training. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-012200 - Apple iOS users must complete required training. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-13-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| DISA_IBM_WebSphere_Liberty_Server_STIG_v2r2.audit from DISA IBM WebSphere Liberty Server STIG v2r2 | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | |
| DISA_IBM_WebSphere_Traditional_9_v1r1.audit for DISA IBM WebSphere Traditional 9 STIG v1r1 | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | |
| DISA_STIG_Apache_Site-2.2_Unix_v1r11.audit from DISA Apache 2.2 Unix STIG v1r11 | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | |
| DISA_STIG_Apache_Tomcat_Application_Server_9_v3r3_Middleware.audit from DISA Apache Tomcat Application Server 9 v3r3 STIG | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | |
| DISA_STIG_Canonical_Ubuntu_20.04_LTS_v2r4.audit from DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | |
| DISA_STIG_EDB_PostgreSQL_Advanced_Server_v9.6_v2r3_OS_Linux.audit from DISA EDB Postgres Advanced Server v9.6 v2r3 STIG | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | |
| DISA_STIG_IIS_10.0_Web_Site_v2r14.audit from DISA Microsoft IIS 10.0 Site v2r14 STIG | DISA IIS 10.0 Site v2r14 | Windows | |
| DISA_STIG_Microsoft_Internet_Explorer_11_v2r7.audit from DISA Microsoft Internet Explorer 11 v2r7 STIG | DISA STIG IE 11 v2r7 | Windows | |
| DISA_STIG_Microsoft_Windows_Server_2019_v3r8.audit from DISA Microsoft Windows Server 2019 STIG v3r8 | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | |
| DISA_STIG_Microsoft_Windows_Server_2022_v2r8.audit from DISA Microsoft Windows Server 2022 STIG v2r8 | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | |
| DISA_STIG_SUSE_Linux_Enterprise_Server_15_v2r6.audit from DISA SUSE Linux Enterprise Server 15 STIG v2r6 | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 STS Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000122 - Active hyperlinks in messages from non .mil domains must be rendered unclickable. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
