| 2.3.3.6 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.6 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.9 Ensure Media Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Disable Remote Apple Events | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.5 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled - Submission | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 18 v1.1.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 18 v1.1.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iPadOS 18 v1.1.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 4.9 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 18 v1.1.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| AOSX-15-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - UserShell | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-15-001013 - The macOS system must be configured with audit log folders owned by root. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002002 - The macOS system must be configured to disable Apple File (AFP) Sharing. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002031 - The macOS system must be configured to disable the system preference pane for iCloud. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002032 - The macOS system must be configured to disable the system preference pane for Internet Accounts - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002032 - The macOS system must be configured to disable the system preference pane for Internet Accounts - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002035 - The macOS system must be configured to disable the Cloud Setup services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002036 - The macOS system must be configured to disable the Privacy Setup services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002039 - The macOS system must disable Siri setup pop-ups. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002041 - The macOS system must disable iCloud document synchronization. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002042 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002053 - The macOS system must be configured to disable the system preference pane for Siri - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002060 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - Access Control List | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002069 - The macOS system must authenticate peripherals before establishing a connection. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-003051 - The macOS system must be configured so that the su command requires smart card authentication. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - ASL | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - Newsyslog | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - Newsyslog | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
