| 1.1.1 Create security user group | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | ACCESS CONTROL |
| 1.21 Ensure 'Wi-Fi assistant' is set to 'Disabled' | MobileIron - CIS Google Android v1.6.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.21 Ensure 'Wi-Fi assistant' is set to 'Disabled' | AirWatch - CIS Google Android v1.6.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux Unix | Unix | CONTINGENCY PLANNING |
| 2.2.26 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.26 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.28 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.21 (L1) Ensure 'Allow reporting of domain reliability related data' Is Disabled | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.39 (L1) Ensure 'Allow reporting of domain reliability related data' Is Disabled | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Secure MySQL Keyring | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Create a user for the container | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Database 19c v2.0.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Database 23ai v1.1.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 26 Tahoe v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Device is not Obviously Jailbroken | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure Device is not Obviously Jailbroken | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.2 Enable Auditing of Incoming Network Connections | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Harden Usage for 'local_infile' on MySQL Clients | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 5.26 Ensure fewer than 5 users have global administrator assignment | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 5.27 Ensure there are between 2 and 3 subscription owners | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 13 COPE STIG v2r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 COPE STIG v2r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-007200 - Honeywell Android 13 must be configured to disable trust agents. | MobileIron - DISA Honeywell Android 13 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-002300 - Motorola Android Pie must be configured to disable trust agents. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-002300 - Motorola Android Pie must be configured to disable trust agents. | AirWatch - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002300 - Microsoft Android 11 must be configured to disable trust agents. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MYS8-00-007500 - The MySQL Database Server 8.0 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
