| 1.22 Ensure 'Wi-Fi assistant' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.26 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.26 Ensure fewer than 5 users have global administrator assignment | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 4.1 Enforce label-based access controls implementation | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 4 L2 OS Linux v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure unauthorized API calls are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure only authorized users and groups belong to the esxAdminsGroup group | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | ACCESS CONTROL |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that system activity is audited | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that system activity is audited | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that system activity is audited | CIS MongoDB 4 L1 OS Windows v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL flexible server | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 8.3 Set Maximum Connection Limits for Server and per User | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 8.3 Set Maximum Connection Limits for Server and per User | CIS MySQL 8.4 Enterprise v1.0.0 L1 Database | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Set Maximum Connection Limits for Server and per User | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 9.4 Ensure 'super_priv' Is Not Set to 'Y' for Replication Users | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-002300 - The Honeywell Mobility Edge Android Pie device must be configured to disable trust agents. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-017600 - The Samsung must be configured to disable authentication mechanisms providing user access. Disable Iris Scanner. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-017600 - The Samsung must be configured to disable authentication mechanisms providing user access. Disable Iris Scanner. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
