| 1.2 Enable Auto Update | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Restrict NTP server to loopback interface - interface listen lo | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Disable Remote Apple Events | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Disable Remote Apple Events | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Disable Screen Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.9 Disable Remote Management - 'ARDAgent is not running' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.8 Disable sending diagnostic and usage data to Apple | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.8 Disable automatic login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.18 System Integrity Protection status | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| AOSX-14-000001 - The macOS system must be configured to prevent Apple Watch from terminating a session lock. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner file | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AOSX-14-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - AuthenticationAuthority | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - OpenSSH Version | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Remote Apple Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Remote Apple Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Remote Apple Events | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable the System Preference Pane for Apple ID | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable the System Preference Pane for Apple ID | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Apple ID Setup during Setup Assistant | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Apple ID Setup during Setup Assistant | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Remote Apple Events | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable the System Preference Pane for Apple ID | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CIS VMware ESXi 5.5 v1.2.0 Level 1 | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| Monterey - Disable Apple ID Setup during Setup Assistant | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
